Hello, On Fri 21 Feb 2025 at 04:20pm GMT, Ian Jackson wrote:
> Sean Whitton writes ("Re: Bug#1091868: debian-policy: Document Git-Tag-Tagger
> and Git-Tag-Info fields"):
>> It's from the VALIDSIG line as documented here:
>> <https://github.com/gpg/gnupg/blob/master/doc/DETAILS>.
>>
>> The text there doesn't guarantee that the fingerprint will be the
>> signing subkey, if there is one, but somewhat implies that it will be.
>>
>> I'm not sure we want to tie ourselves down in the way that you are
>> suggesting. What do you think, Ian
>
> How about we just reference that? (I know we're trying to get away
> from gnupg, but I don't want to get hung up on this, here.)
I think that would be good. Please see the attached patch.
--
Sean Whitton
From d0bf57707cd9a21a01639521f0b07f9461f5dc83 Mon Sep 17 00:00:00 2001 From: Sean Whitton <spwhit...@spwhitton.name> Date: Wed, 1 Jan 2025 19:14:06 +0000 Subject: [PATCH v3] Document Git-Tag-Tagger and Git-Tag-Info fields --- policy/ch-controlfields.rst | 50 ++++++++++++++++++++++++++++++++++ policy/upgrading-checklist.rst | 9 ++++++ 2 files changed, 59 insertions(+) diff --git a/policy/ch-controlfields.rst b/policy/ch-controlfields.rst index 3151816..93044cb 100644 --- a/policy/ch-controlfields.rst +++ b/policy/ch-controlfields.rst @@ -237,6 +237,10 @@ is described above, in :ref:`s-controlsyntax`. - :ref:`Dgit <s-f-Dgit>` +- :ref:`Git-Tag-Tagger <s-f-Git-Tag-Tagger>` + +- :ref:`Git-Tag-Info <s-f-Git-Tag-Info>` + - :ref:`Standards-Version <s-f-Standards-Version>` (mandatory) - :ref:`Build-Depends et al <s-sourcebinarydeps>` @@ -291,6 +295,10 @@ The fields in this file are: - :ref:`Changed-By <s-f-Changed-By>` +- :ref:`Git-Tag-Tagger <s-f-Git-Tag-Tagger>` + +- :ref:`Git-Tag-Info <s-f-Git-Tag-Info>` + - :ref:`Description <s-f-Description>` (mandatory in some cases) - :ref:`Closes <s-f-Closes>` @@ -1307,6 +1315,48 @@ This list is intentionally incomplete. You should consult the documentation of the tool or package in question for which keywords it defines and when they are needed. +.. _s-f-Git-Tag-Tagger: + +``Git-Tag-Tagger`` +~~~~~~~~~~~~~~~~~~ + +Name and e-mail address of the person who made the Git tag from which this +upload was generated (and to which it corresponds) in accordance with the +tagging protocol described in the :manpage:`tag2upload(5)` manual page. +The syntax is the same as for the :ref:`Maintainer field <s-f-Maintainer>`. +The value comes from the ``tagger`` line of the raw Git tag. + +Uploads signed by an implemention of the tag2upload service must include this +field. Uploads not generated in accordance with the tag2upload protocol must +not include this field. + +.. _s-f-Git-Tag-Info: + +``Git-Tag-Info`` +~~~~~~~~~~~~~~~~ + +Other information about the Git tag from which this upload was generated (and +to which it corresponds) in accordance with the tagging protocol described in +the :manpage:`tag2upload(5)` manual page. + +The value is of the form ``tag=TAGOBJID fp=FINGERPRINT`` where ``TAGOBJID`` is +the Git object ID of the Git tag object, and ``FINGERPRINT`` is the +fingerprint (in hexadecimal, without spaces) of the PGP key used to sign the +Git tag. Other space-separated ``keyword=value`` items may be introduced in +the future, and users of this field must ignore items with unknown keywords. + +``FINGERPRINT`` is taken from the first field of the ``VALIDSIG`` line emitted +by :manpage:`gpgv(1)`, as specified in ``/usr/share/doc/gnupg/DETAILS.gz`` +from the ``gnupg`` package. This will generally be the fingerprint of the +signing subkey, if one was used, and the primary key's fingerprint otherwise. + +The Git tag object is obtainable from the *dgit-repos* server, as described +under ``Dgit``, above. + +Uploads signed by an implemention of the tag2upload service must include this +field. Uploads not generated in accordance with the tag2upload protocol must +not include this field. + .. _s5.7: User-defined fields diff --git a/policy/upgrading-checklist.rst b/policy/upgrading-checklist.rst index fe92127..8ad838e 100644 --- a/policy/upgrading-checklist.rst +++ b/policy/upgrading-checklist.rst @@ -39,6 +39,15 @@ The sections in this checklist match the values for the except in the two anomalous historical cases where normative requirements were changed in a minor patch release. +Version 4.7.2 +------------- + +Unreleased. + +5.6.32 & 5.6.33 + New sections documenting the ``Git-Tag-Tagger`` and ``Git-Tag-Info`` + fields in Debian source control and ``.changes`` files. + Version 4.7.1 ------------- -- 2.45.2
signature.asc
Description: PGP signature
