Re: Survey: git packaging practices / repository format

To: debian-devel@lists.debian.org
Subject: Re: Survey: git packaging practices / repository format
From: "Enrico Weigelt, metux IT consult" <lkml@metux.net>
Date: Mon, 1 Jul 2019 15:04:26 +0200
Message-id: <[🔎] 9dd5f501-5c58-03e4-a1d3-4b849b5d8ee6@metux.net>
In-reply-to: <20190529154139.GF7793@belkar.wrar.name>
References: <23789.22766.778482.983490@chiark.greenend.org.uk> <20190528173136.GB17513@espresso.pseudorandom.co.uk> <23789.38946.363651.512533@chiark.greenend.org.uk> <20190528233922.GA3018@espresso.pseudorandom.co.uk> <259caba1ffb5ad20680acb59e2765b8f6d15b10f.camel@decadent.org.uk> <20190529154139.GF7793@belkar.wrar.name>

On 29.05.19 17:41, Andrey Rahmatullin wrote:

>> Perhaps we should update policy to say that the .orig tarball may (or
>> even "should") be generated from an upstream release tag where
>> applicable.
> This conflicts with shipping tarball signatures.

Does that really need to be the upstream's tarballs ?
Why not just automatically generating the orig tarballs and fingerprint
*them* (not caring about the upstream's tarball at all) ?

If it's about validating the source integrity all along the path from
from upstream to deb-src repo, we could do that by auditable process
(eg. fully automatic, easily reproducable transformations)

--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287

Reply to:

Follow-Ups:
- Re: Survey: git packaging practices / repository format
  - From: Andrey Rahmatullin <wrar@debian.org>

Prev by Date: Re: Survey: git packaging practices / repository format
Next by Date: Re: Survey: git packaging practices / repository format
Previous by thread: Re: Survey: git packaging practices / repository format
Next by thread: Re: Survey: git packaging practices / repository format
Index(es):
- Date
- Thread