Re: minisign support in uscan

Simon Josefsson left as an exercise for the reader: > Sorry I confused it with signify: minisign is derived from (openbsd's) signify, so easily done! > See https://lists.debian.org/debian-devel/2024/10/msg00031.html thanks! -- nick black -=- https://nick-black.com to make an apple pie from scr

Re: minisign support in uscan

nick black writes: > Simon Josefsson left as an exercise for the reader: >> nick black writes: >> That would be great -- upstreams are using other mechanisms to sign >> their releases today, like Sigsum, Sigstore, gitsign S/MIME etc, and I >> don't think there is any reason why 'uscan' shouldn't

Re: minisign support in uscan

Yadd writes: > On 1/13/25 11:14, Simon Josefsson wrote: >> nick black writes: >> >>> i'm beginning to see use of minisign[0] as an alternative to GPG >>> for signing releases[2]. i'm completely ambivalent with regards to >>> the merits of minisign, but would like to be able to verify them >>> w

Re: minisign support in uscan

Simon Josefsson left as an exercise for the reader: > nick black writes: > That would be great -- upstreams are using other mechanisms to sign > their releases today, like Sigsum, Sigstore, gitsign S/MIME etc, and I > don't think there is any reason why 'uscan' shouldn't support all of > them. i'

Re: minisign support in uscan

On 1/13/25 11:14, Simon Josefsson wrote: nick black writes: i'm beginning to see use of minisign[0] as an alternative to GPG for signing releases[2]. i'm completely ambivalent with regards to the merits of minisign, but would like to be able to verify them with uscan. That would be great --

Re: minisign support in uscan

nick black writes: > i'm beginning to see use of minisign[0] as an alternative to GPG > for signing releases[2]. i'm completely ambivalent with regards to > the merits of minisign, but would like to be able to verify them > with uscan. That would be great -- upstreams are using other mechanisms

Re: minisign support in uscan

nick black left as an exercise for the reader: > i'm beginning to see use of minisign[0] as an alternative to GPG > for signing releases[2]. i'm completely ambivalent with regards to > the merits of minisign, but would like to be able to verify them > with uscan. so this is how watch might look fo

minisign support in uscan

i'm beginning to see use of minisign[0] as an alternative to GPG for signing releases[2]. i'm completely ambivalent with regards to the merits of minisign, but would like to be able to verify them with uscan. looking at the uscan man page and code[1], i don't see any way to specify an alternative