James McCoy wrote: >In devscripts 2.13.3, uscan gained the ability to verify signature of >the upstream tarball using a file debian/upstream-signing-key.pgp. In >2.14.0, I added the ability to use armored keys and decided to move the >files under debian/upstream/, an idea which had been suggested by a few >people. > >This introduced a conflict with DEP-12 (c.f., #736760), which uses >debian/upstream to track metadata about the upstream project. Tools >like umegaya[0] and Debian Med's task list[1] use the information >provided in this file. [..] >Part of the reason I chose to use debian/upstream/ is that an extensible >location for upstream related information (similar in spirit to >debian/source/) could be useful.
I've really wondered, why you didn't use debian/source/ for this purpose and introduced another directory? Why not put the key used to sign the upstream source right into debian/source/? [..] >- Choosing a new name for DEP-12's file and updating the wording in >DEP-12. My suggestion would be debian/upstream/metadata. Sounds reasonable to me. Regards, Daniel -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/trinity-c6d9bf47-e5f5-4226-83f2-ca74a6c60095-1391765572489@3capp-gmx-bs19