Sysop: | Amessyroom |
---|---|
Location: | Fayetteville, NC |
Users: | 41 |
Nodes: | 6 (0 / 6) |
Uptime: | 13:46:32 |
Calls: | 292 |
Files: | 913 |
Messages: | 77,421 |
Hello mentors,
upstream signed last release [1], and if I download the text and save
it as upstream.pgp.asc I can do
[...]
I did a little search and it looks that, in order to automatically
verify upstream tarball, a file like [2] (?) is needed:
is there a way I can extract that info from upstream public key or do I
have to ask upstream to provide that info (I don't see it anywhere)?
https://www.debian.org/doc/manuals/debmake-doc/ch06.en.html#signing-key
Also, the exported key should be a minimal key, you may need to add "--export-options export-minimal" when exporting the key. I think
there is a lintian check for this.
Nicolas.