On Mon, Jul 31, 2017 at 5:41 AM, Christian Seiler wrote: > On 07/31/2017 11:34 AM, Andrey Rahmatullin wrote: >> uscan isn't used, or needed, in the git-only workflow at all. > > In purely git workflows (that pull remote git tags), sure, but > then you'd not have debian/watch
That isn't necessarily true, since uscan now supports searching git remotes for the latest tag. So you could have debian/watch (and potentially an upstream signing keyring for verifying tags/commits) but not any upstream tarball signature, since the tarball would be generated by `git archive` run from mk-origtargz. > And there I do want uscan to actually check the signature of > the new orig tarball it downloads. But that also means that as > I'm using the orig tarball from upstream (and pristine-tar is > just a weird way of storing it) I think it is semantically > correct to include the .asc files in the .changes file. Perhaps you need pristine-tar to also store the .asc file and check it out when appropriate. -- bye, pabs https://wiki.debian.org/PaulWise
