> There is a bug in the version4 converter. However, as workaround, you > can use this watchfile which works: > > Version: 5 > > Source: https://github.com/williamdes/mariadb-mysql-kbs/tags > Matching-Pattern: .*/v?(\d[\d.]*)\.tar\.gz > Filename-Mangle: s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz% > Pgp-Sig-Url-Mangle: > s%archive/refs/tags/(v[\d\.]+)\.tar\.gz%releases/download/$1/$1.tar.gz.asc%
The above is no longer the GitHub template. What is the correct syntax for the GitHub template to have the signature verified? Or is it by design that the GitHub template is not compatible with any kind of signature checking at all? If so, we should maybe not encourage its use as it will make Debian's supply-chain security posture less than before.
