Hi, Russ Allbery wrote:
> How does this look to everyone? Seconded, with or without the tweaks dkg suggested in https://bugs.debian.org/732445#68 Thanks, Jonathan > --- a/policy.xml > +++ b/policy.xml > @@ -2556,11 +2556,28 @@ endif</programlisting> > > <para> > This is an optional, recommended configuration file for the > - <literal>uscan</literal> utility which defines how to > + <command>uscan</command> utility which defines how to > automatically scan ftp or http sites for newly available updates > of the package. This is used Debian QA tools to help with quality > control and maintenance of the distribution as a whole. > </para> > + <para> > + If the upstream maintainer of the software provides PGP signatures > + for new releases, including the information required for > + <command>uscan</command> to verify signatures for new upstream > + releases is also recommended. To do this, use the > + <literal>pgpsigurlmangle</literal> option in > + <filename>debian/watch</filename> to specify the location of the > + upstream signature, and include the key or keys used to sign > + upstream releases in the Debian source package as > + <filename>debian/upstream/signing-key.asc</filename>. > + </para> > + <para> > + For more information about <command>uscan</command> and these > + options, including how to generate the file containing upstream > + signing keys, see > + > <citerefentry><refentrytitle>uscan</refentrytitle><manvolnum>1</manvolnum></citerefentry>. > + </para> > </section> > > <section id="s-debianfiles"> >
