diff options
Diffstat (limited to 'tags/p/public-upstream-keys-in-multiple-locations.tag')
| -rw-r--r-- | tags/p/public-upstream-keys-in-multiple-locations.tag | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/tags/p/public-upstream-keys-in-multiple-locations.tag b/tags/p/public-upstream-keys-in-multiple-locations.tag new file mode 100644 index 0000000..522d81f --- /dev/null +++ b/tags/p/public-upstream-keys-in-multiple-locations.tag @@ -0,0 +1,11 @@ +Tag: public-upstream-keys-in-multiple-locations +Severity: info +Check: debian/upstream/signing-key +See-Also: uscan(1) +Explanation: The source package contains public upstream signing keys + (or keyrings) in multiple locations. This situation is potentially + confusing for uscan(1) or any other tool hoping to verify the + integrity and authenticity of upstream sources. + . + Please remove all keys (or keyrings) except one at the recommended + location <code>debian/upstream/signing-key.asc</code>. |