
Re: Git Packaging: Native source formats



Sam Hartman writes:
> * One is that you're not using upstream tarballs.  If upstream has
>   tarballs they produce, we're not using them.  I guess we may end up
>   having that part of the conversation now rather than later.
>
>   It's clear that we value integrity of upstream source.  That is we
>   want to make it easy for people to start from some upstream source
>   that is trusted because upstream has produced it and audit just our
>   changes.
>   One way to do this is with an upstream tarball and a diff (or set of
>   diffs or a debian directory).

There are a few other projects consuming upstream tarballs from Debian's
archive.  I've seen source-based distributions (portage, pkgsrc) using
tarballs from there.  It would be friendly to not break this for them if
we can avoid doing so without too much cost.

Upstream tarballs are probably also the easiest way for upstream to
provide a signed version of their software which we have tried to
encourage (for example by including such signatures in Debian's
archive).

Ansgar

