Bug#921954: gnulib
Jonas Smedegaard writes: > I am happy that gnulib is in good hands. > > I've moved on to other challenges, and have no interest in working on > gnulib now. That said, you are welcome to try nudge me if some concrete > task emerges where you image I might be of help. Thank you for support! Boyuan Yang writes: > Thanks for your work; I am okay with the changes. For git bundle > reproducibility, seeking advice from Debian people in the reproducible- > builds project may be helpful. With the changes in project structure, it > might be useful to provide documents about how to use the updated gnulib > Debian package for other Debian software packagers. Definitely, my blog post [1] illustrates how it can be done, but the details for a Debian packager is sketchy. I should summarize how to convert a Debian package from a traditional 'make dist' tarball that includes gnulib to a 'git-archive' based approach that uses gnulib from the Debian package, maybe as a debian-devel post. However I don't think it is wise to do that for packages that are validating PGP signatures of the existing tarball and there is an upstream that doesn't provide PGP signed 'git-archive' releases. We can nudge upstream's to sign 'git-archive' exports of their projects, though. /Simon [1] https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/ signature.asc Description: PGP signature
Bug#921954: gnulib
Hi, On Sat, 2024-04-13 at 22:09 +0200, Jonas Smedegaard wrote: > Hi Simon (and Boyuan), > > Quoting Simon Josefsson (2024-04-13 19:38:06) > > You may have noticed I adopted gnulib and have made an upload to > > experimental. I am happy to have this team maintained, so feel free > > to > > join the effort -- I added Boyuan to Uploaders: since you've been > > doing > > QA uploads for some time, but happy to add others too. > > > > If you don't object, I will upload to unstable in a couple of days if > > nothing comes up. Relevant reading material on the changes I did for > > this package: > > > > https://salsa.debian.org/debian/gnulib/-/blob/debian/sid/debian/README.source > > https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/ > > > > What do you think? I hope I'm not stepping on anyone's toes here. > > The > > package was orphaned and is a critical component to be able to build > > source-only tarballs for other packages in Debian. > > I am happy that gnulib is in good hands. > > I've moved on to other challenges, and have no interest in working on > gnulib now. That said, you are welcome to try nudge me if some > concrete > task emerges where you image I might be of help. Thanks for your work; I am okay with the changes. For git bundle reproducibility, seeking advice from Debian people in the reproducible- builds project may be helpful. With the changes in project structure, it might be useful to provide documents about how to use the updated gnulib Debian package for other Debian software packagers. Thanks, Boyuan signature.asc Description: This is a digitally signed message part
Bug#921954: gnulib
Hi Simon (and Boyuan), Quoting Simon Josefsson (2024-04-13 19:38:06) > You may have noticed I adopted gnulib and have made an upload to > experimental. I am happy to have this team maintained, so feel free to > join the effort -- I added Boyuan to Uploaders: since you've been doing > QA uploads for some time, but happy to add others too. > > If you don't object, I will upload to unstable in a couple of days if > nothing comes up. Relevant reading material on the changes I did for > this package: > > https://salsa.debian.org/debian/gnulib/-/blob/debian/sid/debian/README.source > https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/ > > What do you think? I hope I'm not stepping on anyone's toes here. The > package was orphaned and is a critical component to be able to build > source-only tarballs for other packages in Debian. I am happy that gnulib is in good hands. I've moved on to other challenges, and have no interest in working on gnulib now. That said, you are welcome to try nudge me if some concrete task emerges where you image I might be of help. Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#921954: gnulib
Hi You may have noticed I adopted gnulib and have made an upload to experimental. I am happy to have this team maintained, so feel free to join the effort -- I added Boyuan to Uploaders: since you've been doing QA uploads for some time, but happy to add others too. If you don't object, I will upload to unstable in a couple of days if nothing comes up. Relevant reading material on the changes I did for this package: https://salsa.debian.org/debian/gnulib/-/blob/debian/sid/debian/README.source https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/ What do you think? I hope I'm not stepping on anyone's toes here. The package was orphaned and is a critical component to be able to build source-only tarballs for other packages in Debian. /Simon Simon Josefsson writes: > Hi. I noticed gnulib in Debian was orphaned. I work upstream on gnulib > and intend to adopt it in Debian, but I’m happy to co-maintain it. My > plan is to keep it updated to latest upstream version, and see if we > can offer some way for it to be used to bootstrap various projects > that depend on vendored gnulib code. > > /Simon signature.asc Description: PGP signature
