On Tue, 06 Jan 2026 09:30:30 +0000, Holger Levsen wrote:
On Tue, Jan 06, 2026 at 05:30:32AM +0100, gregor herrmann wrote:> > > * debian-watch-does-not-check-openpgp-signature > > I disagree. > Hmm ok, let's keep this one then. :sadface: I think this is the lintian tag I hate the most, because (Meta)CPAN doesn't support signatures, so I'm seeing this tag for each and every update of a Perl package, and I can't do anything about it.(I do get your sad face but) surely you can override those? As I see it, it's sad that (Meta)CPAN doesnt sign the releases, but that should not cause everybody else to do have equally poor practices?!?
I guess my frustration stems from the combination of - lintian being right (there is no OpenPGP signature), so an override would be wrong IMO; - and me being unable to do anything about it. Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe`-
signature.asc
Description: Digital Signature
