[Pkg-privacy-maintainers] Bug#875252: torbirdy: debian/watch looks at a page that has no upstream tarball/XPI

[intrigeri]

u:
> And it turns out I did that because I did not want to unpack and
> repack an XPI (previously) while I can use a Git branch with
> a PGP signature.

Just curious:

 * doesn't uscan do the unpacking/repacking automatically
   if it's told so in debian/watch?

 * My understanding is that in theory, with:

      git tag -v XYZ && \
      gbp import-orig --upstream-vcs-tag=XYZ --uscan

   … you might get the best of both worlds: automatic generation of
   the orig tarball based on the artifacts they actually distribute,
   full upstream Git history merged into our packaging history, and an
   easy way to compare what's in the Git tag and what's in the
   tarball/XPI.

   So I'm curious: what's the drawback of this approach compared to
   the manual approach I see in debian/README.source, that seems
   more tedious?

(Meta: I have no strong opinion and I trust you to make the best
choice; I'm genuinely curious and happy to learn :)

Cheers!
-- 
intrigeri