Re: Alternative signature mechanisms for upstream source verification

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Alternative signature mechanisms for upstream source verification
From: Marco d'Itri <md@Linux.IT>
Date: Sat, 5 Oct 2024 16:07:15 +0200
Message-id: <[🔎] ZwFIEyZvSBpW1q-O@bongo.bofh.it>
In-reply-to: <[🔎] 87y1337y4x.fsf@fama.lan>
References: <14198883.O9o76ZdvQC@galatea> <87bk04sslp.fsf@debian.org> <4017015.ElGaqSPkdT@galatea> <20241003152912.7wwrsuxezwg3kaoj@satie.tumbleweed.org.za> <c93cb2bd-ad10-439e-819b-0007bf60fadc@debian.org> <[🔎] 20241004182101.lnc5dqft4vurbcrh@satie.tumbleweed.org.za> <[🔎] ZwCXPdw3AFPp9pN9@thunder.hadrons.org> <[🔎] 87y1337y4x.fsf@fama.lan>

No objections to have this kind of capability, but I still strongly 
believe that importing tar archives is highly suboptimal and directly 
branching off the upstream git repository is an highly superior workflow 
and should be used as much as possible.

This being said, I maintain some packages which are released by the 
upstream maintainers only as tar archives (because OpenBSD).

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Alternative signature mechanisms for upstream source verification
  - From: Otto Kekäläinen <otto@debian.org>

References:
- Alternative signature mechanisms for upstream source verification
  - From: Stefano Rivera <stefanor@debian.org>
- Re: Alternative signature mechanisms for upstream source verification
  - From: Guillem Jover <guillem@debian.org>
- Re: Alternative signature mechanisms for upstream source verification
  - From: Martin <debacle@debian.org>

Prev by Date: Bug#1084119: ITP: golang-github-schachmat-ingo -- persistent storage for flags in go
Next by Date: Re: signify and signify-openbsd names
Previous by thread: Re: Alternative signature mechanisms for upstream source verification
Next by thread: Re: Alternative signature mechanisms for upstream source verification
Index(es):
- Date
- Thread