Hi Otto, On Tue Aug 5, 2025 at 9:03 AM CEST, Otto Kekäläinen wrote:
This feature would be very useful, and potentially a requirement for being able to use pristine-tar in tag2upload for additional confirmation that the pristine-tar branch commit was really done by the DD who has permission to upload.
Speaking just for the tag2upload part: the way we're currently implementing this, pristine-tar commit signatures would not get used at all. You can follow the progress at https://bugs.debian.org/1106071
Bye!
signature.asc
Description: PGP signature
