On Tuesday, June 11, 2024 6:25:02 PM EDT Sean Whitton wrote:
> - it improves the traceability and auditability of our source-only
>   uploads, in ways that are particularly salient in the wake of xz-utils.

As I understand it, Debian was affected by the xz-utils hack, in part, because some artifacts were inserted into an upstream tarball that were not represented in the upstream git. Please explain how use of tag2upload is relevant to this scenario? I'm afraid I don't follow.

Scott K