Package: devscripts
Version: 2.22.1
Severity: wishlist

Hello,

The latest gnutls tarballs have multiple signatures. I would like
to have uscan succeed if at least one of the signatories is listed in
debian/upstream/signing-key.asc. Uscan currently requires all signatures
to verify with no way to configure differently afaict.

8X--------------
ametzler@argenau:/tmp/GNUTLS/gnutls-3.7.4$ uscan --verbose --rename
[...]
uscan info: Requesting URL:
   https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.5.tar.xz.sig
uscan info: Verifying OpenPGP signature ../gnutls-3.7.5.tar.xz.sig for 
../gnutls-3.7.5.tar.xz
gpgv: Signature made Do 12 Mai 2022 15:15:36 CEST
gpgv:                using EDDSA key 5D46CB0F763405A7053556F47A75A648B3F9220C
gpgv: Can't check signature: No public key
gpgv: Signature made Do 12 Mai 2022 16:54:05 CEST
gpgv:                using RSA key 462225C3B46F34879FC8496CD605848ED7E69871
gpgv: Good signature from "Daiki Ueno <[email protected]>"
gpgv:                 aka "Daiki Ueno <[email protected]>"
uscan die: OpenPGP signature did not verify. at 
/usr/share/perl5/Devscripts/Uscan/Output.pm line 60.
ametzler@argenau:/tmp/GNUTLS/gnutls-3.7.4$
8X--------------

cu Andreas
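
The difference between the two policies discussed in this report, shown over gpgv's machine-readable status lines (`gpgv --status-fd`). This is an added example, not uscan code or part of the original report. The status lines are constructed to mirror the two signatures in the log above, and treating a BADSIG as fatal under either policy is this example's own assumption.

```python
import re

STATUS = re.compile(r"^\[GNUPG:\] (\w+)")

# Constructed status output modelled on the log in the report: the first
# signature has no matching public key, the second verifies. Timestamps,
# algorithm numbers and the elided address are illustrative only.
SAMPLE = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 7A75A648B3F9220C 22 10 00 1652361336 9 5D46CB0F763405A7053556F47A75A648B3F9220C
[GNUPG:] NO_PUBKEY 7A75A648B3F9220C
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D605848ED7E69871 Daiki Ueno <address elided>
[GNUPG:] VALIDSIG 462225C3B46F34879FC8496CD605848ED7E69871 2022-05-12 1652367245 0 4 0 1 10 00 462225C3B46F34879FC8496CD605848ED7E69871
"""


def classify(status_text):
    """Return one verdict per signature: 'good', 'bad' or 'unverified'."""
    verdicts = []
    for line in status_text.splitlines():
        match = STATUS.match(line)
        if not match:
            continue
        keyword = match.group(1)
        if keyword == "NEWSIG":
            # NEWSIG is emitted right before each signature is checked.
            verdicts.append("unverified")
        elif not verdicts:
            continue
        elif keyword == "BADSIG":
            verdicts[-1] = "bad"
        elif keyword == "GOODSIG" and verdicts[-1] != "bad":
            verdicts[-1] = "good"
        # ERRSIG, NO_PUBKEY, EXPKEYSIG, REVKEYSIG etc. stay 'unverified'.
    return verdicts


def accept(status_text, policy="any"):
    """policy='all': every signature must be good (the behaviour reported).
    policy='any': one good signature from the keyring is enough (the wish)."""
    verdicts = classify(status_text)
    # A signature that fails cryptographically is different from one whose
    # key is simply absent, so it rejects the file under both policies.
    if not verdicts or "bad" in verdicts:
        return False
    if policy == "all":
        return all(v == "good" for v in verdicts)
    return "good" in verdicts
```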
