What to do with .git directories in source package uploads?

Robie Basak robie.basak at ubuntu.com
Mon Jun 12 10:42:54 UTC 2017


On Wed, May 24, 2017 at 10:56:52PM +0100, Ian Jackson wrote:
> But if there are packages where the .git directory is somehow actually
> used in the build, your scheme won't help because a build from the
> imported git tree will use your history, not the history found in the
> .dsc's .git.

I don't think this matters. By using our imported git tree and using git
to clone it, the user is explicitly requesting our importer's history in
.git, contrary to the source package's .git directory. I think it's
reasonable for "our git" to "take over" .git in this case. The original
uploader left a .git "trap" and we aren't in a position to remove the
trap for unsuspecting developers, but I don't think we're making it
worse. The badness happened as an interaction between the bad source
package and the decision to use git tooling and have an importer in
the first place, and the user is complicit in the latter decision.

In mitigation, we have "build" and "build-source" wrappers that could
always do the correct unescaping here. Then you'd only fall into the
trap if you aren't using the wrapper.

Robie


More information about the vcs-pkg-discuss mailing list