Le 19/10/2025 à 08:16, Yadd a écrit :
Le 19/10/2025 à 07:41, Otto Kekäläinen a écrit :
There is a bug in the version4 converter. However, as workaround, you
can use this watchfile which works:
Version: 5
Source: https://github.com/williamdes/mariadb-mysql-kbs/tags
Matching-Pattern: .*/v?(\d[\d.]*)\.tar\.gz
Filename-Mangle: s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz%
Pgp-Sig-Url-Mangle:
s%archive/refs/tags/(v[\d\.]+)\.tar\.gz%releases/download/$1/
$1.tar.gz.asc%
The above is no longer the GitHub template. What is the correct syntax
for the GitHub template to have the signature verified? Or is it by
design that the GitHub template is not compatible with any kind of
signature checking at all?
If so, we should maybe not encourage its use as it will make Debian's
supply-chain security posture less than before.
>
> The GitHub template uses api.github.com and not the human readable web
> (to workaround pagination), so in this particular case you can't use
> it.
One option is to modify uscan to add a "Github-Mode: web" option into
the Github template to permit to use "Pgp-Sig-Url-Mangle".
Would it be an acceptable solution ?
