Lintian ReportsBETA

public-upstream-keys-in-multiple-locations

The source package contains public upstream signing keys (or keyrings) in multiple locations. This situation is potentially confusing for uscan(1) or any other tool hoping to verify the integrity and authenticity of upstream sources.

Please remove all keys (or keyrings) except one at the recommended location debian/upstream/signing-key.asc.

For more information please consult:

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.113.0 release tag in our Git repository.

You can find the detection logic for this version at commit 43a81d7. For merge requests, please use the latest version in the Lintian check debian/upstream/signing-key.

Visibility: info

The following 4 source packages in the archive triggered the tag 4 times (in any Lintian version).

There were no overrides.