Andrey has already said much of what I could add to the thread, but I think I can slightly clarify the needs of NMUers.

On Fri, Oct 25, 2024 at 08:45:16AM +0200, Andreas Henriksson wrote:
> I would very much prefer if it was possible in Debian to not allow
> the archive to get out of sync with packaging git repo (for example
> when it lives under salsa.debian.org/debian which uploaders should have
> access to already).

There are three quite fundamental pieces missing to achieve this.

 * There needs to be a simple way to turn a git commit into a source
   package. If the source of truth ever is to become git, the .dsc
   becomes an export format and then this becomes a hard requirement.
   We can turn git commits into source packages. The problem is that
   there is not one way to do this, but about a hundred and you need
   to know which package uses which. That does not scale.

 * There needs to be a simple way to figure out the commit that
   corresponds to an upload. This problem has been approached in two
   ways. For one thing, there is DEP14 recommending a particular tag
   layout, but I think this is backwards. It assumes that the git
   repository is trusted, but in reality git repositories allow for
   much wider access than Debian uploads. What we really need is a
   source package to know the commit id it was generated from.

 * These operations need to round-trip. If you take a source package,
   identify the git commit and export it to .dsc, it must be
   functionally equivalent to what you started with. Timestamps may
   differ, but file content or contained files very much not.

To me, these are hard requirements for using maintainer git repositories
for performing NMUs.

Now the dgit users among us will be grinning already as what I have
written here very much reads like a specification of (parts of) dgit.

Once again, I question whether salsa as we use it now is the solution or
the problem. I note that it is practically possible to push your dgit
history to salsa and then NMUers can easily do meaningful MRs for their
uploads even when your maintainer git has changes that have not yet been
uploaded.

Helmut
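
The round-trip requirement in the message above can be checked mechanically. The following is an added sketch, not part of the original message and not dgit's code: it assumes the uploaded source package and the one re-exported from the identified commit have each been unpacked (for example with `dpkg-source -x`) into a directory, and all function names and sample trees are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def tree_manifest(root):
    """Map relative path -> (kind, digest or link target, exec bit); mtimes are ignored."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # VCS metadata is not source
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = ("link", os.readlink(path), False)
            elif stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                manifest[rel] = ("file", digest, bool(st.st_mode & stat.S_IXUSR))
    return manifest

def roundtrip_diff(original, reexported):
    """Report files lost, gained or altered between the upload and the re-export."""
    a, b = tree_manifest(original), tree_manifest(reexported)
    return {
        "missing": sorted(a.keys() - b.keys()),
        "extra": sorted(b.keys() - a.keys()),
        "changed": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
    }

def build_tree(root, files, mtime):
    """Write a constructed sample tree with a fixed timestamp on every file."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))

def demo():
    # Constructed sample: the same upload exported twice, then one drifted copy.
    upload = {"debian/changelog": b"hello (1.0-1) unstable; urgency=low\n",
              "src/main.c": b"int main(void) { return 0; }\n"}
    drifted = {**upload, "src/main.c": b"int main(void) { return 1; }\n"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b, \
            tempfile.TemporaryDirectory() as c:
        build_tree(a, upload, 1_000_000_000)
        build_tree(b, upload, 1_700_000_000)   # different timestamps only
        build_tree(c, drifted, 1_700_000_000)  # different file content
        return roundtrip_diff(a, b), roundtrip_diff(a, c)

if __name__ == "__main__":
    same, differs = demo()
    print("timestamps only:", same)
    print("content drift:  ", differs)
```

An empty report on all three keys is the "functionally equivalent" outcome; any entry means the git commit and the archive upload have diverged.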