This watch file does not specify a means to verify the upstream tarball using a cryptographic signature.
If upstream distributions provides such signatures, please use the
pgpsigurlmangle options in this watch file's
generate the URL of an upstream GPG signature. This signature is
automatically downloaded and verified against a keyring stored in
Of course, not all upstreams provide such signatures but you could request them as a way of verifying that no third party has modified the code after its release (projects such as phpmyadmin, unrealircd, and proftpd have suffered from this kind of attack).
For more information please consult:
- the uscan(1) manual page
The tag is present in Lintian version
That is the most recent version we know about.
We use semantic versions.
The patch number is a commit step indicator relative to the
release tag in our Git
You can find the detection logic for this version at commit ca97c3a. For merge requests, please use the latest version in the Lintian check debian/watch.
This tag is experimental.