Package: lintian
Version: 2.135.0
Severity: wishlist

Hi!

When a source package does not include an upstream OpenPGP signature
check in the debian/watch file, it will emit the experimental tag
debian-watch-does-not-check-openpgp-signature.

When the debian/watch file has an explicit «Pgp-Mode: none» field or
a pgpmode=none for older format versions, I think the tag should not
be emitted, as the maintainer has deliberately stated in there that
there is no such signature.

This avoids duplicating this information both in the debian/watch file
and in a debian/source/lintian-overrides file.

A sample small package where this can be checked could be pci.ids,
where the debian/source/lintian-overrides file can be removed to check
before and after.

Most golang packages are currently affected by this, and it would be a
bit of a drag to have to record this in two places in the packaging,
but I assume other ecosystems will be in a similar situation.

Thanks,
Guillem
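
The rule requested in this report, sketched as an added example; it is not lintian's code and not part of the original message. The function names, the `checks_signature` input standing in for lintian's existing detection, the case-insensitive field matching, and the sample watch files are assumptions made for illustration.

```python
import re

def declares_no_signature(watch_text: str) -> bool:
    """True when debian/watch explicitly says upstream publishes no signature."""
    # Ignore comment lines, then join backslash-continued lines (older formats).
    kept = [l for l in watch_text.splitlines() if not l.lstrip().startswith("#")]
    text = re.sub(r"\\\n\s*", "", "\n".join(kept))

    # Field-based format: "Pgp-Mode: none" (assumed case-insensitive, deb822 style).
    for line in text.splitlines():
        m = re.match(r"pgp-mode\s*:\s*(\S+)\s*$", line, re.IGNORECASE)
        if m and m.group(1).lower() == "none":
            return True

    # Older formats: pgpmode=none among the comma-separated opts=... settings.
    for m in re.finditer(r'\bopts\s*=\s*(?:"([^"]*)"|(\S+))', text):
        for opt in (m.group(1) or m.group(2) or "").split(","):
            key, _, value = opt.strip().partition("=")
            if key == "pgpmode" and value == "none":
                return True
    return False

def should_emit_tag(watch_text: str, checks_signature: bool) -> bool:
    """Proposed rule: stay silent if a check exists or the opt-out is explicit."""
    return not checks_signature and not declares_no_signature(watch_text)

# Constructed sample watch files (URLs and patterns are placeholders).
OLD_OPT_OUT = r'''version=4
opts="pgpmode=none, \
      uversionmangle=s/-rc/~rc/" \
  https://example.org/releases/ foo-(.*)\.tar\.gz
'''
NEW_OPT_OUT = '''Version: 5

Source: https://example.org/releases/
Pgp-Mode: none
'''
SILENT = r'''version=4
# opts=pgpmode=none
https://example.org/releases/ foo-(.*)\.tar\.gz
'''

if __name__ == "__main__":
    for name, sample in [("old", OLD_OPT_OUT), ("new", NEW_OPT_OUT), ("silent", SILENT)]:
        print(name, should_emit_tag(sample, checks_signature=False))
```

A commented-out `pgpmode=none` does not count as a declaration, so the third sample still gets the tag.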
