Package: pidgin Version: 2.10.9-1+b1 Severity: wishlist According to https://sourceforge.net/projects/pidgin/files/Pidgin/2.10.9/, there are cryptographic signatures (*.asc) associated with pidgin downloads from sourceforge.
Please set up debian/upstream/signing-key.asc and add a pgpsigurlmangle option in debian/watch so that uscan can verify the files downloaded. debian/upstream/signing-key.asc should be the ascii-armored form of the key (or keys) you expect upstream to sign each release with. uscan probably just needs the following string added to the options: pgpsigurlmangle=s/$/.asc/ see uscan(1) for more details. Thanks for maintaining pidgin in debian! --dkg -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pidgin depends on: ii gconf2 3.2.6-3 ii libatk1.0-0 2.14.0-1 ii libc6 2.19-11 ii libcairo2 1.12.16-5 ii libdbus-1-3 1.8.8-1+b1 ii libdbus-glib-1-2 0.102-1 ii libfontconfig1 2.11.0-6.1 ii libfreetype6 2.5.2-2 ii libgdk-pixbuf2.0-0 2.30.8-1+b1 ii libglib2.0-0 2.42.0-2 ii libgstreamer0.10-0 0.10.36-1.4 ii libgtk2.0-0 2.24.24-1 ii libgtkspell0 2.0.16-1.1 ii libice6 2:1.0.9-1 ii libpango-1.0-0 1.36.8-2 ii libpangocairo-1.0-0 1.36.8-2 ii libpangoft2-1.0-0 1.36.8-2 ii libpurple0 2.10.9-1+b1 ii libsm6 2:1.2.2-1 ii libx11-6 2:1.6.2-3 ii libxml2 2.9.1+dfsg1-4 ii libxss1 1:1.2.2-1 ii perl-base [perlapi-5.20.0] 5.20.1-1 ii pidgin-data 2.10.9-1 Versions of packages pidgin recommends: ii gstreamer0.10-plugins-base 0.10.36-2 ii gstreamer0.10-plugins-good 0.10.31-3+nmu4 Versions of packages pidgin suggests: ii libsqlite3-0 3.8.6-1 -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org