Your message dated Sat, 07 Mar 2026 15:05:46 +0000
with message-id <[email protected]>
and subject line Bug#1129982: fixed in lintian 2.131.0
has caused the Debian Bug report #1129982,
regarding orig-tarball-missing-upstream-signature shouldn't be a warning when
Pgpmode:gittag is used
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1129982: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129982
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lintian
Version: 2.122.0
Hi!
It seems orig-tarball-missing-upstream-signature is enabled at Warning
severity level when debian/upstream/signing-key.asc exists but there is
no *.asc PGP tarball signature, see lintian complaint below.
However 'ding-libs' is using upstream git as the source, and upstream
uses PGP signed tags, as explained by debian/watch:
Version: 5
Source: https://github.com/SSSD/ding-libs.git
Matching-Pattern: refs/tags/@ANY_VERSION@
Mode: git
Pgpmode: gittag
For that PGP git tag verification to work, a PGP key is needed, and I
believe uscan and other tools uses debian/upstream/signing-key.asc for
verifying PGP-signed git tags, and has done so for a long time now.
Thus, I think orig-tarball-missing-upstream-signature should be modified
to not trigger, at least not at warning level, when PGP-signed git tags
are used.
I did not see PGP-signed git tags discussed in #954743 and #872864 but
could have missed it, so I think this is a somewhat different situation.
Thoughts?
/Simon
W: ding-libs source: orig-tarball-missing-upstream-signature
ding-libs_0.7.0.orig.tar.xz
N:
N: The packaging includes an upstream signing key but the corresponding .asc
N: signature for one or more source tarballs are not included in your
N: .changes file.
N:
N: Please ensure a <package>_<version>.orig.tar.<ext>.asc file exists in the
N: same directory as your <package>_<version>.orig.tar.<ext> tarball prior to
N: dpkg-source --build being called.
N:
N: If you are repackaging your source tarballs for Debian Free Software
N: Guidelines compliance reasons, ensure that your package version includes
N: dfsg or similar.
N:
N: Sometimes, an upstream signature must be added for an orig.tar.gz that is
N: already present in the archive. Please include the upstream sources again
N: with dpkg-genchanges -sa while the signature is also present. Your upload
N: will be accepted as long as the new orig.tar.gz file is identical to the
N: old one.
N:
N: Please refer to Bug#954743 and Bug#872864 for details.
N:
N: Visibility: warning
N: Show-Always: no
N: Check: upstream-signature
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: lintian
Source-Version: 2.131.0
Done: Nilesh Patra <[email protected]>
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nilesh Patra <[email protected]> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Mar 2026 19:39:51 +0530
Source: lintian
Architecture: source
Version: 2.131.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <[email protected]>
Changed-By: Nilesh Patra <[email protected]>
Closes: 1129794 1129982
Changes:
lintian (2.131.0) unstable; urgency=medium
.
[ Nilesh Patra ]
* Summary of tag changes:
+ Removed:
- skip-systemd-native-flag-missing-pre-depends
* Fixup tests with dpkg 1.23.6 due to invalid emails not allowed in
Changed-By field (Closes: #1129794)
* Add lintian test for too-many-contacts
* Add better regex for checking pgpmode in d/watch version 5
(Closes: #1129982)
.
[ Luca Boccassi ]
* Drop obsolete skip-systemd-native-flag-missing-pre-depends
Checksums-Sha1:
0613ffeae3389b1f7d4d135a7217dfadd6228d8a 3657 lintian_2.131.0.dsc
d514da1663a285b6a3a1c8c9eda7a4f4c0f8609c 2233664 lintian_2.131.0.tar.xz
9a57ec0d37221b09218db5c463a768472ac5230f 21827 lintian_2.131.0_amd64.buildinfo
Checksums-Sha256:
54d92aaf2b537f3e852fae88af01cd962d060494037c55af70a7f9a306c10f67 3657
lintian_2.131.0.dsc
a93b3dba30158dc2de236061bef1ac2ffa955eef942763cfe4e8d3cdb3af9eef 2233664
lintian_2.131.0.tar.xz
9b9a4ad882c3cbff92a99f20032a13e3ea3741e40d310139bea95d8c4cfc5838 21827
lintian_2.131.0_amd64.buildinfo
Files:
a7ab8a8dde9019af8dc1d5fd16675459 3657 devel optional lintian_2.131.0.dsc
c89475dfdd89355ef697db4486ea7249 2233664 devel optional lintian_2.131.0.tar.xz
6623380f551d695c633e2485b0195fbb 21827 devel optional
lintian_2.131.0_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIgEARYKADAWIQSglbZu4JAkvuai8HIqJ5BL1yQ+2gUCaaw7BBIcbmlsZXNoQGRl
Ymlhbi5vcmcACgkQKieQS9ckPtrTzwD/TVnpmrGpwrKn8pdGmjWLnWPZvVMop7PA
7LIqeICV0dMBAMBi/aV5IvPmudt9fWCUa3y/Z8ccZxocEHkGSiVjaggM
=SQFW
-----END PGP SIGNATURE-----
pgpvV0uK5516c.pgp
Description: PGP signature
--- End Message ---
