On August 6, 2017 11:37:51 AM EDT, Jeremy Stanley <fu...@yuggoth.org> wrote: >On 2017-08-06 10:44:36 -0400 (-0400), Allison Randal wrote: >> The OpenStack packaging team has been sprinting at DebCamp, and >> we're finally ready to move all general Python dependencies for >> OpenStack over to DPMT. (We'll keep maintaining them, just within >> DPMT using the DPMT workflow.) >> >> After chatting with tumbleweed, the current suggestion is that we >> should migrate the packages straight into gbp pq instead of making >> an intermediate stop with git-dpm. >[...] > >More a personal curiosity on my part (I'm now a little disappointed >that I didn't make time to attend), but are you planning to leverage >pristine tarballs as part of this workflow shift so you can take >advantage of the version details set in the sdist metadata and the >detached OpenPGP signatures provided upstream? Or are you sticking >with operating on a local fork of upstream Git repositories (and >generating intermediate sdists on the fly or supplying version data >directly from the environment via debian/rules)? > >I'm eager to see what upstream release management features you're >taking advantage of so we can better know which of those efforts are >valuable to distro package maintainers.
I don't work on the OpenStack packages, but I do maintain a reasonable number of Python packages. I always work from the released tarball. I haven't added the keys yet to verify all my packages, but am gradually doing so as I have time. I know some people like working from the upstream git (and the team maintenance workflow allows for either), but I definitely prefer working from the upstream tarballs and appreciate the effort that goes into producing them. Scott K