Le 08/11/2025 à 09:45, Nilesh Patra a écrit :
[ Not subscribed, CC me if you want me to read your reply. ]
Upstream for golang-sourcehut-rockorager-go-jmap has started signing tags via
ssh instead of gpg keys now.
I tried to search if d/watch has the functionality to validate ssh sigs
instead, but
all I could find is the d/u/signing-keys.asc which is gpg armor style
signature, and hence
opts="mode=git, gitmode=full, pgpmode=gittag"
in d/watch simply does not work.
Does anyone know how to check for ssh signing instead?
Hi,
SSH signatures are more of a gimmick than a true electronic signature; I
don't see the point of putting them on the same level as a GPG signature
in uscan.
Cheers,
Xavier
