On Fri, Aug 3, 2018 at 1:25 AM Robert James Clay <jame@rocasa.us> wrote:
Running, for instance, the command "uscan --force-download --verbose --rename --destdir .." results in the error "BAD signature". And indeed, checking the resulting files from that command finds that the archive does look to have been repacked (it's smaller) and so the verify fails.
Not about repack, current watch file will download tarball that github generated, not the one upstream uploading to github release. Look at https://github.com/ledgersmb/LedgerSMB/releases, please be careful that there're two kinds of tarball. Don't look at https://github.com/ledgersmb/LedgerSMB/tags, which doesn't have asc signatures. And I think using upstream http release page is much simpler for you. -- Best regards, Shengjing Zhu