Bug#593611: Clarify whose signature should go in debian/changelog (4.4)

[Russ Allbery <rra@debian.org>]

Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> writes:

> Imho, we should be making it less ambigious and adjusting our
> generated changes and/or debian/changelog to more team maintained
> workflows:

> We should unambigiously document:
> Maintainer: Typically team (list of names)
> Uploads: Typically a subset of team members (list of names)
> Changed-by: everyone who contributed changes in this upload (list of names)
> Signed-by: person who signed and dput (single uid fingerprint, not
> sure we support multi-signed uploads)
> GPG Signature itself, should match fingerprint of Singed-by uid

> The format of debian/changelog at the moment enforces only one name
> and it has no mapping to expose all people involved.
> "multi-maintainer changelog" convention of using [ Name [<email>] ] is
> good, but is still currently defeated by current single sign-off line
> which propagates to Changed-by.

I think this would be an interesting direction in which to take things,
but it's a larger project that requires changing the definition of fields
(Maintainer is currently single-valued) and how various tools work.  If
you or someone else wanted to pursue this, I think it would be a more
accurate representation in the long run, but it may be more effort than is
warranted.  In the meantime, in the short run, I think we should clarify
the wording to something a bit closer to what people normally do.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>