Re: how to take advantage of uscan for git upstream source with only commits (read no tags) ?
Hello Forum:
Thanks for your prompt reply.
On 01/03/16 06:51, Paul Wise wrote:
> On Tue, Mar 1, 2016 at 1:05 AM, Jerome BENOIT wrote:
>
>> I am on my way to package a software whose the upstream source is
>> available at github with only commits: the upstream team uploads
>> new material the last Friday of each month, but without emitting
>> any tags. Can we use uscan (version 4) for such a scheme ?
>
> While uscan now supports checking remote git repositories, it relies
> on git tags to find new releases so that feature isn't useful to
> you.
Indeed.
>
> You might be able to use pagemangle or one of the other new features
> to hack around this, depending on the content of the github HTML.
Of course, the version is somewhere in the source:
the issue would be solved if the automates could play with the involved file.
>
> The best would be to convince upstream to do proper releases (with
> tags and tarballs) and sign the commits, tags and tarballs with
> OpenPGP.
>
> https://wiki.debian.org/debian/watch#Cryptographic_signature_verification
> https://help.riseup.net/en/security/message-security/openpgp/best-practices
I am agree. But, unfortunately, [s]he seems very reluctant: [s]he put the request
on the so called WhishList, but I think that [s]he does not understand the issue.
>
> At worst you could set yourself calendar reminders for every
> Friday/Saturday.
>
On the other hand, I am packaging on behalf of a Debian Team:
the packaging must be canonical and fully supported by automates.
> If you want more specific info, you would need to mention a crucial
> detail; which github project is this?
>
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802176
https://github.com/IDRSolutions/maven-OpenViewerFX-src
Thanks,
Jerome
Reply to: