Control: tag -1 pending On Sat, 2020-04-25 at 23:01 +0100, Ben Hutchings wrote: > On Thu, 2020-04-23 at 19:30 +0200, Christoph Anton Mitterer wrote: > [...] > > It would be nice if the handbook tells people how to verify their > > repos by proper git means, i.e. verify signautres on tags. > > Yes, definitely. I've finally got back to looking at the wording here. The one place we refer to <https://salsa.debian.org/kernel-team/linux.git> is in the section "Building a development version of the Debian kernel package". This is about building unreleased changes, which of course are not tagged. I don't think we can reasonably give instructions for verifying them. For <git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git>, I have changed the URL to use "https:" and changed the instructions to include tag verification with the aid of the Debian source package. It's annoyingly complex but should work: https://kernel-team.pages.debian.net/kernel-handbook/ch-bugs.html#s9.2.1 Ben. -- Ben Hutchings Unix is many things to many people, but it's never been everything to anybody.
Attachment:
signature.asc
Description: This is a digitally signed message part