Hello, On Mon, Jan 08 2018, Ian Jackson wrote:
> Mattia Rizzolo writes ("Bug#886625: push-source should be usable no
>matter the state of the working tree"):
>> On Mon, Jan 08, 2018 at 11:20:08AM +0000, Ian Jackson wrote:
>> > (Now that push-source exists I'm not sure why you would
>> > build-source, really.)
>>
>> To build a .dsc and then pass it to a non supported builder (which
>> means, anything that is not sbuild or gbp, I think).
>
> Right, I sort of realised that in my last message. Are these mostly
> use cases where a .dsc is wanted rather than a .changes ?
I thought of a case where a .dsc is not sufficient and one needs a
.changes: services like <http://debomatic-amd64.debian.net/>.
To use debomatic you must change the distribution in your changelog to
'unstable' from 'UNRELEASED', build a _source.changes, and then sign the
.changes and .dsc with your PGP key.
I.e. you are only a `dput ftp-master` away from accidentally releasing
your package and you are also trusting debomatic not to leak your signed
_source.changes, which would permit someone else to release your
package.
IMO this is a very bad workflow and so it would be okay if dgit did not
support it. I.e. dgit should have `export-dsc` and `push-source` only,
and no `build-source` subcommand that builds a _source.changes but does
not upload it.
The user can of course use `dgit build -S`, and in any case, even with
`build-source` they must still invoke debsign themselves.
--
Sean Whitton
signature.asc
Description: PGP signature

