On Wed, 2018-02-14 at 18:01 +0100, Bill Allombert wrote: > The automatically generated tarballs do not include files generated by > autotools and similar, that the real source tarballs include. Also they > are not GPG-signed. All in all, they are useless. The autotools files can be generated by people building the code, you could also ship an extra tarball containing just the autotools files, but I would lean towards requiring folks to run autoreconf. The generated tarballs are bit-for-bit reproducible from the git repo using git archive. So you can generate them locally, sign them locally and upload the signatures and associate them with the tags. > In the case of popcon, I do not want to include the popcon public > submission key in GIT. Yet it should be in the source tarball. Is there a reason why you don't want it in the source tarball. You could include a second tarball containing just the key in the Debian source package, dpkg-source v3 format supports multiple tarballs. > Also, release tags are only a small subset of tags. It is inconvenient to mix > the two. I've never used git tags for anything other than releases, what else are you using them for? > How to do this and whether salsa support it is very unclear from this link. I guess you go into the web interface and click around. > <https://wiki.debian.org/Alioth#Deprecation_of_Alioth> says: > Releases and downloads > Git tags are the basic interface to create releases in ?GitLab. this > creates a tarball and allows extra files to be attached to the tag. I assume this means that Salsa supports it. > However I did not see how I can attach a file to a tag. I personally gave up on the GitLab interface, it requires too much JavaScript to operate. I do things only via git or the API. Since there is limited support for the API, I am mostly ignoring salsa. > This starts to be off-topic on this list. Is there a debian salsa list ? Just the #alioth IRC channel at this point: https://wiki.debian.org/Salsa#Maintenance -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part