Re: git repositories for packages and signed pushes

Gerrit Pape writes ("Re: git repositories for packages and signed pushes"): > On Sat, Jul 11, 2015 at 06:23:59PM +0100, Ian Jackson wrote: > > The only significant problem is that the relevant versions of git are > > currently only in experimental. Can we expect these

Re: git repositories for packages and signed pushes

On Sat, Jul 11, 2015 at 06:23:59PM +0100, Ian Jackson wrote: > The only significant problem is that the relevant versions of git are > currently only in experimental. Can we expect these (a) to be in sid > soon and (b) usefully stable backports to be available for (at least) > jessie ? (CCing git

Re: git repositories for packages and signed pushes

Tollef Fog Heen writes ("Re: git repositories for packages and signed pushes"): > Ian Jackson : > > I'll also have to talk to DSA about what they think about running a > > backport of git. > > We generally don't have a problem with running backports a

Re: git repositories for packages and signed pushes

]] Ian Jackson > I'll also have to talk to DSA about what they think about running a > backport of git. We generally don't have a problem with running backports as long as they're from $suite-backports. Out-of-suite backports is something we've done in the past, but we would really, really like

git repositories for packages and signed pushes

We've had some discussion of some of these issues already, but let me summarise: Most current workflows for Debian packaging with git involve a git repository somewhere, and in practice it is very impractical not to trust the contents of (at least some branches in) that repository. Currently AFAI