Jonas Smedegaard <dr@jones.dk> writes: > I am happy that gnulib is in good hands. > > I've moved on to other challenges, and have no interest in working on > gnulib now. That said, you are welcome to try nudge me if some concrete > task emerges where you image I might be of help. Thank you for support! Boyuan Yang <byang@debian.org> writes: > Thanks for your work; I am okay with the changes. For git bundle > reproducibility, seeking advice from Debian people in the reproducible- > builds project may be helpful. With the changes in project structure, it > might be useful to provide documents about how to use the updated gnulib > Debian package for other Debian software packagers. Definitely, my blog post [1] illustrates how it can be done, but the details for a Debian packager is sketchy. I should summarize how to convert a Debian package from a traditional 'make dist' tarball that includes gnulib to a 'git-archive' based approach that uses gnulib from the Debian package, maybe as a debian-devel post. However I don't think it is wise to do that for packages that are validating PGP signatures of the existing tarball and there is an upstream that doesn't provide PGP signed 'git-archive' releases. We can nudge upstream's to sign 'git-archive' exports of their projects, though. /Simon [1] https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/
Attachment:
signature.asc
Description: PGP signature