Re: Conflict between debian/upstream (DEP-12) & debian/upstream/ (uscan)
James McCoy wrote:
>In devscripts 2.13.3, uscan gained the ability to verify signature of
>the upstream tarball using a file debian/upstream-signing-key.pgp. In
>2.14.0, I added the ability to use armored keys and decided to move the
>files under debian/upstream/, an idea which had been suggested by a few
>people.
>
>This introduced a conflict with DEP-12 (c.f., #736760), which uses
>debian/upstream to track metadata about the upstream project. Tools
>like umegaya[0] and Debian Med's task list[1] use the information
>provided in this file.
[..]
>Part of the reason I chose to use debian/upstream/ is that an extensible
>location for upstream related information (similar in spirit to
>debian/source/) could be useful.
I've really wondered, why you didn't use debian/source/ for this purpose
and introduced another directory? Why not put the key used to sign the
upstream source right into debian/source/?
[..]
>- Choosing a new name for DEP-12's file and updating the wording in
>DEP-12. My suggestion would be debian/upstream/metadata.
Sounds reasonable to me.
Regards, Daniel
Reply to: