On Thu, Aug 29, 2019 at 11:23:01AM +0100, Ian Jackson wrote:
> Theodore Y. Ts'o writes ("Re: Git Packaging: Native source formats"):
> > Or if we end up moving to dgit for everything, and we don't want to
> > use pristine-tar (which I like, but I realize that's not an opinion
> > shared by everyone; some people seem to hate it), and upstream uses a
> > non-git repo (say, bzr, or hg) and still uses signed tar.gz files, I'd
> > argue we need to have a good way to reserve the cryptographic
> > signature of upstream's foo.tar.gz and foo.tar.gz.asc in a dgit-only
> > world.
>
> I think dgit ought to be compatible with the idea of shipping
> upstream's .asc's about, but maybe there are bugs. I don't ever do
> this so I don't know if it works and I doubt there are tests for it.
>
> So, if you have a package where you want to use dgit push and you find
> the upstream .asc is not being included, please file bug(s).
The problem I have is that "dgit gbp" doesn't extract the upstream
.asc. Not a big deal, I use /tmp/gbp for my build directory, and I
manually checkout and populate it with the .asc file. But building
from "dgit clone" won't generate same package as I do (which includes
the .asc file for the orig.tar.gz file.)
Cheers,
- Ted
