Package: devscripts Version: 2.18.7 Severity: normal When uscan is verifying signatures, it currently uses gpgv everywhere except when pgpmode=self. in that case, it uses gpg, presumably in order to extract the source tarball.
however, modern GnuPG (since 2.1.16, so including debian stretch) offers
an --output flag for gpgv that should do the same thing.
We should be able to avoid requiring uscan have the full gpg binary
available by changing the handling for pgpmode=self.
--dkg
signature.asc
Description: PGP signature
