Chris, On Fri, Sep 1, 2017 at 1:55 AM, Chris Lamb <la...@debian.org> wrote: > > Hey Stefan and Paul, > > > orig-tarball-missing-upstream-signature error breaks rebuilding > > existing packages > > The next version of Lintian will ignore "repacked" tarballs - ones > that contain "dfsg" in their version.
That certainly sounds reasonable, because the "dfsg" version is no longer the original version for those cases. > > Perhaps we could also ignore "UNRELEASED" in the distribution? Or > is there something else we could check for in the version...? Personally, I run pdebuild with a hook for the unstable version of lintian, and separately run the testing version of lintian, all the time on an UNRELEASED distribution during development. I only change UNRELEASED to unstable at the very end to finalize a package for uploading, after performing all checks. I am probably not the only one to do that. So I would still let lintian treat an UNRELEASED distribution as if it were in final form. As for a straightforward acceptance of GNU Project ".sig" files for packages as I requested previously in this bug report, later discussion on the debian-policy mailing list has shown preference for ".asc"-only files, with ".sig" files being converted to ".asc": https://lists.debian.org/debian-policy/2017/08/msg00201.html There is no outright ban on binary ".sig" files, but that discussion is leaning towards ".asc"-only signatures. Of course, Debian Policy 4.1.0 also just added mention of debian/upstream/signing-key.asc. Thank you, Paul Hardy
