Package: devscripts Version: 2.18.7 Severity: normal When uscan is verifying signatures, it currently uses gpgv everywhere except when pgpmode=self. in that case, it uses gpg, presumably in order to extract the source tarball.
however, modern GnuPG (since 2.1.16, so including debian stretch) offers an --output flag for gpgv that should do the same thing. We should be able to avoid requiring uscan have the full gpg binary available by changing the handling for pgpmode=self. --dkg
signature.asc
Description: PGP signature