On 2/27/26 6:21 PM, Yifei Zhan wrote:
- Upstream has git signing enabled with pgp, have you considered configure debian/watch to verify the signature?- Please add a comment under override_dh_auto_test: on why it's disabled (e.g. tests require unpackaged google breakpad) Otherwise it looks OK to me.
Thank you for the feedback. I've added a comment to the override and have pushed to Salsa. I have also reuploaded to mentors. For d/watch signatures: upstream does not use git tag -s but instead lightweight tags on signed commits, so pgpmode=gittag cannot verify them (I believe this is Bug#1015233). If you think I have missed something though, let me know. I have mentioned to upstream that using git tag -s would solve this problem.
OpenPGP_signature.asc
Description: OpenPGP digital signature
