Dpkg::Source::Package::V2: Allow detached upstream signatures
Upstream tarballs usually come with detached signatures, which would be useful to have in the source package, as an additional check that could be performed to verify its integrity and provenance. For now just allow the detached signatures to be listed in the file fields in the source control file (.dsc). Closes: #759478 Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
parent
9ee62ecf
Please register or sign in to comment