Lintian Reports

I public-upstream-keys-in-multiple-locations

All reports of public-upstream-keys-in-multiple-locations for the archive. The extended description of this tag is:

The source package contains public upstream signing keys (or keyrings) in multiple locations. This situation is potentially confusing for uscan(1) or any other tool hoping to verify the integrity and authenticity of upstream sources.

Please remove all keys (or keyrings) except one at the recommended location debian/upstream/signing-key.asc.

Refer to the uscan(1) manual page for details.

Severity: wishlist, Certainty: certain

Check: upstream-signing-key, Type: source

Evolution of the public-upstream-keys-in-multiple-locations Lintian tag over the past 366 days:

The beforementioned graph for the public-upstream-keys-in-multiple-locations tag

Emitted (non-overridden): 8, overridden: 0, total: 8

The package names link to the relevant maintainer page and the corresponding report for the source package. The links go to the full maintainer report page, which includes info and experimental tags and overridden tags, rather than the default page that shows only errors and warnings.

budgie-extras 0.6.1-4 (source) (David Mohammed <fossfreedom@ubuntu.com>)

equalx 0.7.1-4.1 (source) (Dariusz Dwornikowski <dariusz.dwornikowski@cs.put.poznan.pl>)

gdb 8.2-1 (source) (Héctor Orón Martínez <zumbi@debian.org>)

gdb 8.1-4 (source) (Héctor Orón Martínez <zumbi@debian.org>)

igtf-policy-bundle 1.95-1 (source) (Dennis van Dok <dennisvd@nikhef.nl>)

libidn2 2.0.5-1 (source) (Debian Libidn team <help-libidn@gnu.org>)

munin-c 0.0.11-1 (source) (Matthias Schmitz <matthias@sigxcpu.org>)

tomoyo-tools 2.5.0-20170102-4 (source) (Hideki Yamane <henrich@debian.org>)