nick black left as an exercise for the reader: > i'm beginning to see use of minisign[0] as an alternative to GPG > for signing releases[2]. i'm completely ambivalent with regards to > the merits of minisign, but would like to be able to verify them > with uscan.
so this is how watch might look for minisign packages[0]: -------- version=4 # example URIs: # https://ziglang.org/download/0.13.0/zig-0.13.0.tar.xz # https://ziglang.org/download/0.13.0/zig-0.13.0.tar.xz.minisig opts="sigtype=minisign, \ pgpsigurlmangle=s/$/.minisig/, \ dversionmangle=s/\+dfsg(\.?\d+)?$//, \ repacksuffix=+dfsg" \ https://ziglang.org/download/ .*/zig-([0-9\.]*)\.tar\.xz \ debian uupdate -------- no one needs change their packages except people who have pgpmode=none despite the presence of pgpsigurlmangle (which will become an error if i execute my plan as proposed). [0] https://salsa.debian.org/nickblack/zig/-/blob/main/debian/watch -- nick black -=- https://nick-black.com to make an apple pie from scratch, you need first invent a universe.
signature.asc
Description: PGP signature
