Marco d'Itri writes ("Re: [RFC] General Resolution to deploy tag2upload"):
> [email protected] wrote:
> > In this message I discuss in some detail five packaging workflows.
>
> I am more familiar with the gbp patches-unapplied workflow: can you
> point us to some educationlly relevant example repositories using the
> git-debrebase workflows?
> (Maybe without dgit, to make things easier to understand.)Russ can perhaps provide more examples, but src:xen is a complex one. https://salsa.debian.org/xen-team/debian-xen/ I doubt anyone is using git-debrebase but not dgit. There would be no reason to do that. dgit push just makes things better, compared to the old dput-based approach. (xen security uploads aren't done with dgit because security.d.o doesn't support dgit, #1050143, but you won't see anything about that in git, really.) > >The alternative design I've been positing supposes including a > >manifest of the contents of the unpacked source package. Ie, patches > >applied. > > But why does it have to be patches-applied? > Then both sides could easily (?) compute a canonical hash of the > patches-unapplied git repositories, and it would still provide the same > security properties. This is a reasonable question, especially since the ftpmasters haven't really nailed down what precisely this manifest would be, so I had to make it up myself. So: I chose patches-applied as the comparator in my big writeup because patches-unapplied is even worse. If the manifest form is patches-unapplied, then all the patches-applied git workflows would have to *unapply* the patches to generate the manifest. That means *more* patch-wrangling, in more cases. The NMU case becomes particularly bad, because in the general case only dpkg-source knows how to apply patches; and even then I think it doesn't know how to *un*apply them; and, it wants a tarball. Also, it would mean that the same manifest could mean different unpacked trees depending on the source package format, which is super weird and confusing. Ian. -- Ian Jackson <[email protected]> These opinions are my own. Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
