Hello, (1) I am teaching dgit to verify whether a .changes file is source-only. This is for a new 'push-source' subcommand. My first attempt simply looked for any .deb or .udeb entries in the Files: field. However, dgit's maintainer would prefer a strict whitelist: check that each entry in Files: is a .dsc, or an .orig.tar.*, or a .debian.tar.*, etc. Is this the preferred way to confirm whether a .changes file is source-only? (2) We are also thinking about a strict whitelist for all .changes files -- the whitelist mentioned above, plus *.deb, *.udeb etc. Are there currently any plans to add new categories of binary files to uploads, that we should include in our whitelist? (3) We observed that .buildinfo files are included in purportedly source-only changes files by `dpkg-buildpackage -S`. Is this correct? Why are they included in source-only uploads? Thanks! (please keep me CCed; I am not subscribed to this list) -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature