Control: merge 874029 -1 Hi!
On Mon, 2022-07-04 at 14:11:50 +0200, Timo Röhling wrote: > Package: devscripts > Version: 2.22.2 > Severity: wishlist > Control: block 802304 by -1 > CMake provides its source tarballs with an indirect signature > scheme [1]: instead of signing the .zip and .tar.gz archives > individually, they collect the SHA256 hashes of all files in > a dedicated .txt file and then sign that. > > It would be nice if uscan could verify this signature scheme > automatically, but I must admit I have no good proposal how to > extend the watch file format. I think this is a duplicate of #874029, thus merging. Thanks, Guillem
