Control: tags -1 +pending

Hi,

Thanks for the report. I’ve removed upstream’s key and disabled GPG verification in debian/watch. This will be fixed with the next upload. I’ll apply the same change to python-argon2-cffi-bindings as well.

> Upstream git tags are now signed with some SSH key, and upstream
> advertises "artifact attestations" using "GitHub's CLI tool" as a method
> to verify released files. I'm not sure if either the SSH key or the
> github stuff is somehow supported by uscan; either way, verification
> using the GPG key in d/upstream/... no longer works and should be
> replaced or removed.

From what I could find, uscan does not support SSH signatures nor GitHub attestations (at least not yet).

Best,
--
Carl

