Bug#933044: dgit: should not require --overwrite when debian/changelog contains the version in unstable
> --overwrite does not trust debian/changelog Looking at this bug (after much time, sorry) I am confused. I think what --overwrite does is precisely to trust the changelog. Maybe you meant to say "dgit does not trust ..." which is accurate. Then the rest of your message makes sense. So, let me reply to that: The reason dgit doesn't trust the changelog by default is that it is not reliable. It is quite easy to accidentally create git commits that mention "1.2.3-1" in the changelog, but which weren't the actually uploaded "1.2.3-1". Many maintainer changelog management workflows do so. In such a situation, forgetting to pull from the main branch on salsa might result dgit accidentally overwriting later changes, if it simply trusts the changelog. Many maintainers (especially of native packages) who use dgit don't need --overwrite: as a maintainer you can merge the dgit .dsc import into your own history. Then git operates normally and your pushes are always ff. This workflow is much less at risk of accidentally clobbering changes. In line with dgit's philosophy of trying to help the user avoid mistakes, and encouraging safer (less error-prone) workflows, I don't think making --overwrite the default would be a good idea. In #1050713 I am proposing to add a --trust-changelog option, that works like --overwrite (without a version). This will hopefully make it less scary-sounding and encourage more people to use it rather than worry. Does this all make sense ? Thanks, Ian. -- Ian JacksonThese opinions are my own. Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Bug#933044: dgit: should not require --overwrite when debian/changelog contains the version in unstable
Package: dgit Version: 9.6 Severity: normal Hi, --overwrite does not trust debian/changelog. If debian/changelog says it contains version 1.2.3-1, then dgit should trust it and do the fake merge if required. Or maybe rephrase this as a question: why doesn't dgit consider the debian/changelog information authoritative? As things currently stand, --overwrite is required for most upload operations, since (a) dgit is not that popular yet, and (b) most packages use the patches-unapplied layout. -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dgit depends on: ii apt 1.8.2 ii ca-certificates 20190110 ii coreutils 8.30-3 ii curl7.65.1-1 ii devscripts 2.19.6 ii dpkg-dev1.19.7 ii dput-ng [dput] 1.28 ii git [git-core] 1:2.22.0-1 ii git-buildpackage0.9.14 pn libdigest-sha-perl ii libdpkg-perl1.19.7 ii libjson-perl4.02000-1 ii liblist-moreutils-perl 0.416-1+b4 ii liblocale-gettext-perl 1.07-3+b4 ii libtext-glob-perl 0.10-1 ii libtext-iconv-perl 1.7-6 ii libwww-curl-perl4.17-5 ii perl5.28.1-6 Versions of packages dgit recommends: ii openssh-client [ssh-client] 1:8.0p1-3 Versions of packages dgit suggests: ii cowbuilder 0.88 ii pbuilder0.230.4 ii sbuild 0.78.1-2 -- no debconf information