Yadd <y...@debian.org> writes: > On 1/13/25 11:14, Simon Josefsson wrote: >> nick black <dankamong...@gmail.com> writes: >> >>> i'm beginning to see use of minisign[0] as an alternative to GPG >>> for signing releases[2]. i'm completely ambivalent with regards to >>> the merits of minisign, but would like to be able to verify them >>> with uscan. >> That would be great -- upstreams are using other mechanisms to sign >> their releases today, like Sigsum, Sigstore, gitsign S/MIME etc, and I >> don't think there is any reason why 'uscan' shouldn't support all of >> them. > > gitsign is supported
I was unclear, I meant this gitsign: https://github.com/sigstore/gitsign I don't think this approach is supported by uscan? I only see about PGP on https://manpages.debian.org/testing/devscripts/uscan.1.en.html /Simon >> This reminds me about the 'apt-get install minisign' package naming >> concern that we tried to flesh out a migration policy for earlier. I >> think I ultimately got lost trying to work out the migration flow for >> how to achieve that... >> /Simon > >
signature.asc
Description: PGP signature
