On Wed, May 24, 2017 at 10:56:52PM +0100, Ian Jackson wrote: > But if there are packages where the .git directory is somehow actually > used in the build, your scheme won't help because a build from the > imported git tree will use your history, not the history found in the > .dsc's .git.
I don't think this matters. By using our imported git tree and using git to clone it, the user is explicitly requesting our importer's history in .git, contrary to the source package's .git directory. I think it's reasonable for "our git" to "take over" .git in this case. The original uploader left a .git "trap" and we aren't in a position to remove the trap for unsuspecting developers, but I don't think we're making it worse. The badness happened in as an interaction between the bad source package and the the decision to use git tooling and have an importer in the first place, and the user is complicit in the latter decision. In mitigation, we have "build" and "build-source" wrappers that could always do the correct unescaping here. Then you'd only fall into the trap if you aren't using the wrapper. Robie
signature.asc
Description: PGP signature
_______________________________________________ vcs-pkg-discuss mailing list vcs-pkg-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/vcs-pkg-discuss