Hi, I have a naming suggestion taken from the first part of the extended description.
"This watch file does not include a means to verify the upstream tarball using cryptographic signature." Perhaps: debian-watch-does-not-check-for-gpg-signature By the way, the link to uscan on the lintian website goes to "wheezy" by default which does not include anything about gpg signatures. Should it point to sid? http://manpages.debian.net/cgi-bin/man.cgi?query=uscan&apropos=0&sektion=1&manpath=Debian+unstable+sid Additionally, when it is a pedantic warning it is hard to convince small upstream projects to sign their releases when there is no clear advice on how to go about it. A link from the Lintian warning webpage would be handy. I would gladly start a wiki page if I knew what the best advice was. MySQL's approach: http://dev.mysql.com/doc/refman/5.7/en/checking-gpg-signature.html An example of how to download key and import/export to debian directory: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732450 Regards, Ross -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org