FWIW, the project below ought to be the "owner" of git-merge-changelog instead of the Debian 'gnulib' source package.
/Simon Bruno Haible via Announcements and Requests for Help from the GNU project and the Free Software Foundation <[email protected]> writes: > The GNU vc-changelog package contains tools for working with GNU-style > ChangeLog files under version control. > > It currently contains the git-merge-changelog program. This is a custom > git merge driver that avoids conflict markers in ChangeLog files during > "git pull", "git rebase", "git am -3", and so on. > > It is now available in version 1.0. > > ==== New in 1.0 ==== > > * Is is now a separate package (no longer hosted in GNU gnulib). > Homepage: https://www.gnu.org/software/vc-changelog/ > > * The upstream/downstream heuristic has been fixed to work with recent > releases of git. > > ==== Download ==== > > Here are the compressed sources and a GPG detached signature: > https://ftp.gnu.org/gnu/vc-changelog/git-merge-changelog-1.0.tar.gz > https://ftp.gnu.org/gnu/vc-changelog/git-merge-changelog-1.0.tar.gz.sig > > Use a mirror for higher download bandwidth: > https://ftpmirror.gnu.org/vc-changelog/git-merge-changelog-1.0.tar.gz > https://ftpmirror.gnu.org/vc-changelog/git-merge-changelog-1.0.tar.gz.sig > > Here are the SHA256 and SHA3-256 checksums: > > File: git-merge-changelog-1.0.tar.gz > SHA256 sum: > 65b7c98eed59f90f51510ff44641ca82e880be8e88f7d7906740a30e105c90c0 > SHA3-256 sum: > 8ed3956aabf9feb300cbd419395f172422beda9ea6a82b6cf354d18be1daa6b0 > > Verify the SHA256 checksum with either sha256sum, sha256, or > shasum -a 256. > > Verify the SHA3-256 checksum with cksum -a sha3 --check > from coreutils-9.8. > > Use a .sig file to verify that the corresponding file (without the > .sig suffix) is intact. First, be sure to download both the .sig file > and the corresponding tarball. Then, run a command like this: > > gpg --verify git-merge-changelog-1.0.tar.gz.sig > > The signature should match the fingerprint of the following key: > > pub ed25519 2025-01-28 [SC] > E0FF BD97 5397 F77A 32AB 76EC B630 1D9E 1BBE AC08 > uid Bruno Haible (Free Software Development) <[email protected]> > > If that command fails because you don't have the required public key, > or that public key has expired, try the following commands to retrieve > or refresh it, and then rerun the 'gpg --verify' command. > > gpg --recv-keys B6301D9E1BBEAC08 > > As a last resort to find the key, you can try the official GNU > keyring: > > wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg > gpg --keyring gnu-keyring.gpg --verify git-merge-changelog-1.0.tar.gz.sig > > > > >
signature.asc
Description: PGP signature
