Package: lintian
Version: 2.5.116
Severity: minor

As designed, debian-watch-does-not-check-gpg-signature does not check if
upstream provides a GPG signature to make checking it possible.  I get that
the "Certainty: certain" is meant to mean that it's certain that uscan won't
check a GPG signature, but this isn't really useful since many (most)
upstreams don't sign their releases.

To me, "Certainty: certain" reads as it is certain that this is a problem with
the package, when if there's no upstream signature, it's not at all a problem
the maintainer can fix.  "Certainty: possible" seems much more reasonable to
me.

Scott K

Reply via email to