Package: lintian
Version: 2.7.0
Severity: wishlist


I just noticed that I've sometimes been failing to include the orig
tarball signature file for some of the uploads after the first new
upstream release. Let me clarify with an example:

  - Fetch upstream xfstt 1.9.3 orig.tar.xz and orig.tar.xz.asc.
  - Build xfstt 1.9.3-1 source w/ orig.tar.xz.asc. (Good)
  - Build xfstt 1.9.3-2 source w/o orig.tar.xz.asc. (Bad)
  - Build xfstt 1.9.3-3 source w/o orig.tar.xz.asc. (Bad)
  - Fetch upstream xfstt 1.10 orig.tar.xz and orig.tar.xz.asc.
  - Build xfstt 1.10-1 source w/ orig.tar.xz.asc. (Good)

So, when building new revisions it seems I'm prone to forget to place
the orig.tar.xz.asc alongside the orig.tar.xz sometimes. :/

It would be nice to get a warning to avoid this. I imagine a tag
could be emitted whenever there is no «*.orig.tar.*.asc» (for each
«*.orig.tar.*») and either of the following holds:

  - there is a debian/upstream/signing-key.asc file.
  - there is pgpmode or pgpsigurlmangle in opts in debian/watch.


Reply via email to