Hello, On Sat 04 Oct 2025 at 03:34pm +02, Guillem Jover wrote: > I wonder why these use the generic «Git-» namespace instead of «Dgit-» > when they seem tied to the dgit/tag2upload implementation? dgit is just an implementation detail. The specification of the tag metadata format is independent of dgit, and these fields are about that. > Hmm, I don't feel comfortable with Debian Policy growing reliance on > GnuPG and its specific interfaces and formats, when IMO we should be > making a collective effort to remove reliance on it (due to the schism). Agreed. > I'd feel more comfortable with references to something vendor generic > and on its track to be standardized through the OpenPGP Working Group, > such as SOPV. So I'm attaching an (untested) patch against dgit which > could make it possible to switch the above specification to use SOPV > details instead, and allow one of the several SOPV implementations > around to be used. If that seems fine, I can submit that to dgit > upstream. There are some requirements imposed like being able to run it on trixie (and at present on bookworm; we are waiting for DSA to upgrade the host). Please do submit this as an MR against dgit or a patch in the BTS, we would be very interested in reducing our reliance on gnupg. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature