* Russ Allbery (r...@debian.org) [120517 19:53]: > Tollef Fog Heen <tfh...@err.no> writes: > > > Pushing a signed tag and having source packages and binaries built from > > that doesn't rely on 3.0 (git), though. «Just» a repository somewhere > > with hooks that go «oh, a signed tag, let me build a source package and > > upload that». Might fire it off as a job to a separate process so > > pushing to big repos doesn't take a winter and a day, but that's really > > an implementation detail. > > Good point. > > If I were to pick between the enhancements to Debian in this area, none of > which I have time to work on and therefore can't vote on via > implementation, I'd be way more interested in avoiding the entire source > package upload process entirely and be able to just push signed Git tags > to a trusted host that stores Git repositories for our packages. Even if > those repositories were only accessible to Debian maintainers because > they're not license-reviewed.
git.debian.org isn't license-reviewed either, so could be the same level of being public. Having special form of git-tags on git.d.o automatically uploaded to ftp-master (and having there the usual checks) would sound a good idea (of course, also for svn and other vcs). However, this package format would still need to allow NMUs (and/or having the vcs in question having support for NMUs). Andi -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120517181917.ga2...@mails.so.argh.org
