Re: tag2upload & orig.tar

To: Otto Kekäläinen <otto@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: tag2upload & orig.tar
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Thu, 05 Dec 2024 10:21:20 +0800
Message-id: <[🔎] 871pymq38f.fsf@melete.silentflame.com>
In-reply-to: <[🔎] CAOU6tAA_9eCkWG8k5gwBFoj2apb29h0FJS8XEDgMkHVjtjCutw@mail.gmail.com> ("Otto Kekäläinen"'s message of "Tue, 3 Dec 2024 00:04:52 -0800")
References: <[🔎] 87ed2pqxyv.fsf@melete.silentflame.com> <[🔎] CAOU6tAAP64qfE1L_R4a-O7w_1VXROcUXp-7fWr7gkDvyH+OaEg@mail.gmail.com> <[🔎] 87ttblp5z4.fsf@melete.silentflame.com> <[🔎] CAOU6tAA_9eCkWG8k5gwBFoj2apb29h0FJS8XEDgMkHVjtjCutw@mail.gmail.com>

Hello,

On Tue 03 Dec 2024 at 12:04am -08, Otto Kekäläinen wrote:

> And by "aren't uploadable" you mean this is how you designed it and
> chose to not use signatures, not that doing it would inherently would
> be impossible. Would it by any chance be possible to extend "git
> deborig" to check whether debian/upstream/signing-key.* exists, and if
> so, generate the tarball using pristine-tar and keep the supply chain
> intact? Would you accept patches that implement it?

I don't think I can give a quick answer to that.  There are a lot of
details.  Let us get the first version deployed first :)

-- 
Sean Whitton

Reply to:

References:
- tag2upload & orig.tar
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: tag2upload & orig.tar
  - From: Otto Kekäläinen <otto@debian.org>
- Re: tag2upload & orig.tar
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: tag2upload & orig.tar
  - From: Otto Kekäläinen <otto@debian.org>

Prev by Date: Re: Problems to find sponsors (Was: Bits from DPL)
Next by Date: Re: Building with many cores without OOM
Previous by thread: Re: tag2upload & orig.tar
Next by thread: Re: tag2upload & orig.tar
Index(es):
- Date
- Thread