
Re: Git Packaging: Native source formats



On Wed, Aug 28, 2019 at 04:00:10PM -0400, Sam Hartman wrote:
> 
>   But if we're thinking that people will be working in Git, another way
>   to do this is to merge in a signed upstream git tag.  Then you can
>   perform a diff against that git tag.

One of the things to consider is how we should handle cases where
upstream does not sign the git tag, but *does* sign the tar.gz files.

Or if we end up moving to dgit for everything, and we don't want to
use pristine-tar (which I like, but I realize that's not an opinion
shared by everyone; some people seem to hate it), and upstream uses a
non-git repo (say, bzr, or hg) and still uses signed tar.gz files, I'd
argue we need to have a good way to reserve the cryptographic
signature of upstream's foo.tar.gz and foo.tar.gz.asc in a dgit-only
world.

	       		      	   	     - Ted

