Re: a few quick questions on gbp pq workflow
On August 6, 2017 11:37:51 AM EDT, Jeremy Stanley <fungi@yuggoth.org> wrote:
>On 2017-08-06 10:44:36 -0400 (-0400), Allison Randal wrote:
>> The OpenStack packaging team has been sprinting at DebCamp, and
>> we're finally ready to move all general Python dependencies for
>> OpenStack over to DPMT. (We'll keep maintaining them, just within
>> DPMT using the DPMT workflow.)
>>
>> After chatting with tumbleweed, the current suggestion is that we
>> should migrate the packages straight into gbp pq instead of making
>> an intermediate stop with git-dpm.
>[...]
>
>More a personal curiosity on my part (I'm now a little disappointed
>that I didn't make time to attend), but are you planning to leverage
>pristine tarballs as part of this workflow shift so you can take
>advantage of the version details set in the sdist metadata and the
>detached OpenPGP signatures provided upstream? Or are you sticking
>with operating on a local fork of upstream Git repositories (and
>generating intermediate sdists on the fly or supplying version data
>directly from the environment via debian/rules)?
>
>I'm eager to see what upstream release management features you're
>taking advantage of so we can better know which of those efforts are
>valuable to distro package maintainers.
I don't work on the OpenStack packages, but I do maintain a reasonable number of Python packages. I always work from the released tarball. I haven't added the keys yet to verify all my packages, but am gradually doing so as I have time.
I know some people like working from the upstream git (and the team maintenance workflow allows for either), but I definitely prefer working from the upstream tarballs and appreciate the effort that goes into producing them.
Scott K
Reply to: