# Upstream provides PGP-signed git tags, rather than tarballs; and github
# doesn't seem to expose the tag itself (in the `git cat-file tag 0.6.0` sense)
# in a GETable URL.  Thus, the debian/upstream/signing-key.asc _is_ useful — it
# serves to pin the public keys expected to sign upstream tags — even though that
# verification is not currently automated.
zsh-syntax-highlighting source: debian-watch-could-verify-download
# Upstream provides PGP-signed git tags, rather than tarballs.
zsh-syntax-highlighting source: debian-watch-does-not-check-gpg-signature
# Upstream provides PGP-signed git tags, rather than tarballs.
zsh-syntax-highlighting source: orig-tarball-missing-upstream-signature

# 0.8.0~alpha1-pre-redrawhook-1 is the correct version number.
zsh-syntax-highlighting source: rc-version-greater-than-expected-version
# Ditto.
zsh-syntax-highlighting source: hyphen-in-upstream-part-of-debian-changelog-version
