Hi Phil, Thanks for the checks!
Phil Wyett <philip.wy...@kathenas.org> writes: > [...] > > Lintian: > > W: csv-mode source: orig-tarball-missing-upstream-signature csv- > mode_1.27.orig.tar.xz > N: > N: The packaging includes an upstream signing key but the corresponding .asc > N: signature for one or more source tarballs are not included in your > N: .changes file. > N: > N: Please ensure a <package>_<version>.orig.tar.<ext>.asc file exists in the > N: same directory as your <package>_<version>.orig.tar.<ext> tarball prior > to > N: dpkg-source --build being called. > N: > N: If you are repackaging your source tarballs for Debian Free Software > N: Guidelines compliance reasons, ensure that your package version includes > N: dfsg or similar. > N: > N: Sometimes, an upstream signature must be added for an orig.tar.gz that is > N: already present in the archive. Please include the upstream sources again > N: with dpkg-genchanges -sa while the signature is also present. Your upload > N: will be accepted as long as the new orig.tar.gz file is identical to the > N: old one. > N: > N: Please refer to Bug#954743 and Bug#872864 for details. > N: > N: Visibility: warning > N: Show-Always: no > N: Check: upstream-signature A bit of explanation on this: GNU ELPA distributes the current releases through an uncompressed .tar archive, and uscan will repack it to .tar.xz or according to your d/watch or d/gbp.conf rules. So the signing key is not very useful for verifying the repacked tarball unfortunately as a result. > [...] -- Regards, Xiyue Deng
signature.asc
Description: PGP signature
