public-upstream-keys-in-multiple-locations

The source package contains public upstream signing keys (or keyrings) in multiple locations. This situation is potentially confusing for uscan(1) or any other tool hoping to verify the integrity and authenticity of upstream sources.

Please remove all keys (or keyrings) except one at the recommended location debian/upstream/signing-key.asc.

For more information please consult:

the uscan(1) manual page

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.114.0 release tag in our Git repository.

You can find the detection logic for this version at commit c1c05b0. For merge requests, please use the latest version in the Lintian check debian/upstream/signing-key.

Visibility: info

The following 4 source packages in the archive triggered the tag 4 times (in any Lintian version).

There were no overrides.

equalx

upstream-signing-key.pgp upstream/signing-key.asc

upstream-signing-key.pgp upstream/signing-key.asc

krb5

upstream/signing-key.asc upstream/signing-key.pgp

radvd

upstream/signing-key.asc upstream/signing-key.pgp