On Tue, Jan 23, 2018, Osamu Aoki wrote: > > I'm also not sure the Debian archive supports uploading a signature file > > against a file that isn't included in the distribution, so maybe this > > isn't really an issue worth handling in uscan... > > That is not a uscan bug. I as the primary uscan committer want to hear > your experience. Did you try? If you find out the answer, please let > me know what shall be done.
I have the answer for you: the Debian archive doesn't even check that the uploaded .asc is an actual signature. IIRC it only does a check on the filename (to assure that you are uploading something that is related to an already known file), but nothing else. That also means that it doesn't actually performe a signature check either. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
_______________________________________________ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel