On Wed, May 29, 2019 at 12:20:23PM -0400, Sam Hartman wrote: > >> Perhaps we should update policy to say that the .orig tarball may > >> (or even "should") be generated from an upstream release tag > >> where applicable. > Andrey> This conflicts with shipping tarball signatures. > > Sure does. > > I can see the argument for caring about that if you're dealing with an > upstream that does run make dist and publish official signed tarballs. > > There are a lot of upstreams though where the tarball is an afterthought > or entirely not present. > I hope we as a community can decide to go with the git rather than > pressuring such upstreams to care more about tarballs. Yup. I'm still not sure how useful and successful was the campaign for the signed orig tarballs.
-- WBR, wRAR
signature.asc
Description: PGP signature
