Package: devscripts Version: 2.12.6 Severity: wishlist File: /usr/bin/uscan User: [email protected] Usertags: uscan
Some upstreams used detached GPG signatures to allow others to verify that their tarballs have not been tampered with or corrupted. Others simply add add files containing hash sums. uscan should support checking both of these verification methods. Automatically downloading and checking .asc/.gpg/.md5sum/.sha1sum/.sha256sum files would be a start but probably uscan needs to have some options for this in case upstream stores such files in different directories. -- bye, pabs http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
