[20:49] <realtime-neil_> How do I tell a source package recipe to _sign_ the `*.dsc` file it creates?
[22:14] <cjwatson> realtime-neil_: The builders don't have GPG keys, so that won't happen
[22:15] <cjwatson> realtime-neil_: In theory they could, but it would be a lot of effort to achieve very little; you can already authenticate source packages downloaded from an archive by checking the signature on the archive's InRelease file and then following the chain of checksums from there ("apt update" + "apt source" will do this automatically if pointed at the archive in question)