Am 17.08.2014 10:20, schrieb Thomas Goirand: > On 08/17/2014 01:08 AM, Michael Biebl wrote: >> More importantly (at least in my experience): If you are working in a >> team and you regenerate the tarball from git, it's very likely that >> the md5sum of the generated tarball differs from what has been >> uploaded to the archive by a different team maintainer in a previous >> upload, resulting in a reject by dak. > > Yes, that's a problem. Though it's easy to download what's been > previously uploaded to Debian before the final upload. At least easier > than downloading 293874 old copies of past released tarball in the > pristine-tar branch. Not really. The point is, that git-buildpackage automates the pristine-tar handling. So it's hard to make this error. On the other hand, downloading the tarball from the archive is not automated by any tool afaics. That means, git-buildpackage will happily re-create the dist tarball from the upstream branch. If you are not watching really carefully, this step is very easy to miss. It's also very easy to forget this particular caveat when you do stable-security uploads. And as the stable-security archive will *not* reject such a tarball, you can end up with tarballs which have different md5sums in stable and stable-security. I was bitten by this once and users were a little freaked by this. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Attachment:
signature.asc
Description: OpenPGP digital signature