#802384 Add signing key check

Package:
src:cmake
Source:
cmake
Submitter:
Mathieu Malaterre
Date:
2026-02-08 16:01:01 UTC
Severity:
wishlist
#802384#5
Date:
2015-10-19 19:54:27 UTC
From:
To:
Looks like cmake.org now expose a key to check tarballs:

Cryptographic Hashescmake-3.4.0-rc1-SHA-256.txt
cmake-3.4.0-rc1-SHA-256.txt.asc

See:
https://cmake.org/download/

Please import it (as debian/upstream/signing-key.asc)
#802384#8
Date:
2021-09-15 11:31:30 UTC
From:
To:
Hi Mathieu,
Unfortunately, upstream does not sign the archives themselves but a
separate text file with SHA-256 hashes of all archives.

AFAIK uscan cannot handle this type of signature automatically.

Cheers
Timo