[Pkg-zsh-devel] Differences between git repo and official tar balls: Are they still relevant?

Daniel Shahaf d.s at daniel.shahaf.name
Mon Nov 30 15:51:20 UTC 2015


Axel Beckert wrote on Mon, Nov 30, 2015 at 03:04:36 +0100:
> Hi,
> 
> now that pws started signing upstream tar balls and I implemented
> verifying these signatures in
> https://anonscm.debian.org/cgit/collab-maint/zsh.git/commit/?id=e6d23bf3
> we should have a look if we still need to generate fake upstream tar
> balls from git.
...
> What do you think?

I'm curious: wouldn't it be simpler to teach git-orig-source to verify
the signed git tag (and continue using a 'git archive' of the upstream
tag) than to maintain a list of all the generated files that need to be
moved away and back again?  What exactly is gained by using the upstream
tarball (over using the signed tag)?

Cheers,

Daniel



More information about the Pkg-zsh-devel mailing list