[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC] General Resolution to deploy tag2upload

* Marco d'Itri: " Re: [RFC] General Resolution to deploy tag2upload" (Wed, 12
  Jun 2024 14:37:25 -0000 (UTC)):

> debian@kitterman.com wrote:
> 
> >As I understand it, Debian was affected by the xz-utils hack, in part,
> >because some artifacts were inserted into an upstream tarball that were not 
> >represented in the upstream git.  Please explain how use of tag2upload is 
> >relevant to this scenario?  I'm afraid I don't follow.  
> I think that it was assumed, and I agree, that a well-maintained Debian
> git source tree has the upstream branch pulled from the upstream git
> repository, keeping the complete history, and not created locally by
> importing upstream tar release archives.

Just as a note often forgotten in this discussion:

There are upstreams, that don't use git and are even heavily opposed to git.
Hopefully I have nevertheless "well-maintained Debian git source trees" for the
Tryton suite... ;)

-- 

    Mathias Behrle
    PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
    AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6
Reply to: