Re: [RFC] General Resolution to deploy tag2upload

To: debian-vote@lists.debian.org, Joerg Jaspert <joerg@debian.org>, Russ Allbery <rra@debian.org>
Cc: Sean Whitton <spwhitton@spwhitton.name>, Helmut Grohne <helmut@subdivi.de>
Subject: Re: [RFC] General Resolution to deploy tag2upload
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 17 Jun 2024 09:26:25 +0200
Message-id: <[🔎] 528BE1F6-75D6-4918-9AD9-779C2F0F14DD@roeckx.be>
In-reply-to: <[🔎] 87zfrklf2z.fsf@ganneff.de>
References: <[🔎] 87wmmvrubl.fsf@melete.silentflame.com> <[🔎] 87ed8ymbvx.fsf@ganneff.de> <[🔎] 87msnmxcdx.fsf@hope.eyrie.org> <[🔎] 87zfrklf2z.fsf@ganneff.de>

Not having fully read everything, would this be acceptable:
- The DSC contains a copy of the original signature, and the hash that was signed. Possibly an url to the repo at that time.
- there exists some tool that can extract the information from the DSC, verify the git signature, and that it generates a tar with the same content?

Kurt

Reply to:

Follow-Ups:
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Joerg Jaspert <joerg@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Russ Allbery <rra@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Joerg Jaspert <joerg@debian.org>

Prev by Date: Re: [RFC] General Resolution to deploy tag2upload [and 1 more messages]
Next by Date: Re: [RFC] General Resolution to deploy tag2upload
Previous by thread: Re: [RFC] General Resolution to deploy tag2upload
Next by thread: Re: [RFC] General Resolution to deploy tag2upload
Index(es):
- Date
- Thread