Theodore Y. Ts'o writes ("Re: Git Packaging: Native source formats"):
> Or if we end up moving to dgit for everything, and we don't want to
> use pristine-tar (which I like, but I realize that's not an opinion
> shared by everyone; some people seem to hate it), and upstream uses a
> non-git repo (say, bzr, or hg) and still uses signed tar.gz files, I'd
> argue we need to have a good way to reserve the cryptographic
> signature of upstream's foo.tar.gz and foo.tar.gz.asc in a dgit-only
> world.I think dgit ought to be compatible with the idea of shipping upstream's .asc's about, but maybe there are bugs. I don't ever do this so I don't know if it works and I doubt there are tests for it. So, if you have a package where you want to use dgit push and you find the upstream .asc is not being included, please file bug(s). Thanks, Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
