Re: How does team maintenace of python module works?

To: debian-python@lists.debian.org
Subject: Re: How does team maintenace of python module works?
From: Scott Kitterman <debian@kitterman.com>
Date: Wed, 20 Feb 2013 09:49:49 -0500
Message-id: <[🔎] 24754993.i0WrSetHUW@scott-latitude-e6320>
In-reply-to: <[🔎] 5124DA42.9020705@debian.org>
References: <[🔎] 511F4D0C.8040302@debian.org> <[🔎] 51248FDF.4010509@debian.org> <[🔎] 5124DA42.9020705@debian.org>

On Wednesday, February 20, 2013 10:14:26 PM Thomas Goirand wrote:
> Upstream tarballs, in some cases, is a concept of the past. When
> they are released (sometimes, they simply don't exist), it may only
> an image based on a git tag. Then using Git tags is often better,
> because tags may be PGP signed. I live in China, and the Chinese
> government did twice some man in the middle attack... Tarballs
> don't include PGP signatures. Plus it's possible for me to tag at
> any point in time, any commit, and use that to generate a tarball.

In some cases, sure.  For me, every package I maintain has a tarball release 
and most, if not all, provide signatures for the tarball.  GPG signed is not 
an advantage for git tags.  Anything can be signed.

Scott K

Reply to:

References:
- Re: How does team maintenace of python module works?
  - From: Thomas Goirand <zigo@debian.org>
- Re: How does team maintenace of python module works?
  - From: Matthias Klose <doko@debian.org>
- Re: How does team maintenace of python module works?
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: python3 and /usr/share
Next by Date: Re: How does team maintenace of python module works?
Previous by thread: Re: How does team maintenace of python module works?
Next by thread: Re: How does team maintenace of python module works?
Index(es):
- Date
- Thread