- Package:
- devscripts
- Source:
- devscripts
- Description:
- scripts to make the life of a Debian Package maintainer easier
- Submitter:
- Timo Röhling
- Date:
- 2026-02-08 16:01:02 UTC
- Severity:
- wishlist
Dear maintainers, CMake provides its source tarballs with an indirect signature scheme [1]: instead of signing the .zip and .tar.gz archives individually, they collect the SHA256 hashes of all files in a dedicated .txt file and then sign that. It would be nice if uscan could verify this signature scheme automatically, but I must admit I have no good proposal how to extend the watch file format. Cheers Timo [1] https://cmake.org/download/
Hi! I think this is a duplicate of #874029, thus merging. Thanks, Guillem