# Upstream provides PGP-signed git tags, rather than tarballs; and github
# doesn't seem to expose the tag itself (in the `git cat-file tag 0.6.0` sense)
# in a GETable URL.  Thus, the debian/upstream/signing-key.asc _is_ useful — it
# serves to pin the public keys expected to sign upstream tags — even though that
# verification is not currently automated.
zsh-syntax-highlighting source: debian-watch-could-verify-download
# Upstream provides PGP-signed git tags, rather than tarballs.
zsh-syntax-highlighting source: debian-watch-does-not-check-openpgp-signature
# Upstream provides PGP-signed git tags, rather than tarballs.
zsh-syntax-highlighting source: orig-tarball-missing-upstream-signature
# lintian recommends to "consider setting USCAN_SYMLINK=rename in your ~/.devscripts".
#
# That would be action at a distance, would have to be set by all contributors
# to the package, and would affect builds of other packages as well.  It's much
# better to have the package specify the required rename, as it depends on
# upstream's (hosting site's) configuration, as opposed to an individual
# contributor or builder's preferences.
#
# The tag is currently experimental.
zsh-syntax-highlighting source: prefer-uscan-symlink