On Wednesday, August 13, 2025 2:26:13 PM Mountain Standard Time Andrew Bower wrote:
> I just tried this on one of my packages, successfully with both
> uscan
> and
> gbp import-orig --uscan
>
> using this watch file:
>
> version=4
> opts="mode=git,pgpmode=gittag" \
> https://gitlab.com/abower/sysv-rc-conf.git/ refs/tags/v([\d\.]+)
>
> https://salsa.debian.org/debian/sysv-rc-conf/-/blob/debian/latest/debian/watch
>
> I don't actually use either workflow though because one of the benefits
> of signed tags as release artefact is that the import process simplifies
> to 'git merge' instead of the tarball unpackaging which I still find
> dodgily opaque.
>
> However, I would be interested in understanding more about if/how Debian
> can handled signed upstream tags elsewhere - there doesn't seem to be
> any way of checking it after maintainer import.
>
> I'd be interested to hear what else you discover in this process!
Thanks, that is very helpful.
--
Soren Stoutner
soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.