>From >https://salsa.debian.org/debian/devscripts/-/merge_requests/540#note_642316
I tried testing this on package [glow](https://salsa.debian.org/go-team/packages/glow) that had the Archive field added: ```diff --- a/debian/upstream/metadata +++ b/debian/upstream/metadata @@ -3,3 +3,4 @@ Bug-Database: https://github.com/charmbracelet/glow/issues Bug-Submit: https://github.com/charmbracelet/glow/issues/new Repository: https://github.com/charmbracelet/glow.git Repository-Browse: https://github.com/charmbracelet/glow +Archive: GitHub ``` Diff of running `uscan --verbose` before vs after deleting the `debian/watch` file: ```diff +uscan info: Scan watch files in . +uscan info: Check debian/watch and debian/changelog in . +uscan info: Found debian/upstream/metadata instead of debian/watch, trying to read it -uscan info: Start checking for common possible upstream OpenPGP signature files -uscan info: End checking for common possible upstream OpenPGP signature files ``` The `glow-2.1.1.tar.gz` was correctly fetched, but without the `watch` file it was not ignoring the upstream signatures. For signature checking has currently regressed. To make them work again https://dep-team.pages.debian.net/deps/dep12/ should extended with a new field like e.g. `Release-signatures: yes`, or alternatively uscan should just assume that if `debian/upstream/signing-key.asc` exists, it must be used to check the upstream signature as suggested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111115#25
