# Upstream's detached .sign verifies the uncompressed tar stream using
# debian/upstream/signing-key.asc.  It cannot verify the xz-compressed orig
# tarball emitted by dpkg-source.  Revisit this if upstream signs the
# compressed tarball.
libgpiod source: orig-tarball-missing-upstream-signature
