Simon Richter <s...@debian.org> writes: > One _incremental_ change I'd like to see would be archive support for > .orig.bundle.* (containing a shallow copy of the upstream commit) and > .debian.bundle.* (containing the differences between the upstream > commit and the package), which would be an absolute game changer for > git integration, the archive side would probably be fairly simple to > implement, and it would allow us to ship the "preferred form for > modification" for a lot of projects more easily. > > Mirrors would still get a size-minimal representation, this format > does not impose a particular workflow and can be easily generated from > and validated against the full tree.
This is an interesting idea! I think one fundamental aspect that lead to tag2upload is that some upstream's are moving away from tarballs and towards having the git repository to be the preferred form of publishing and using a project. What you suggest enables Debian to support this new way of publishing projects natively, instead of adding tag2upload as a intermediary to work around how upstream work with releases. There are some problems though: 1) I don't think a shallow copy will work generally. Instead you want to upload the entire upstream git repository as a bundle. There are several reasons for this, but two simple examples: 1) gitlog-to-changelog or git2cl needs the entire git repository to produce its outputs, and some packages ship this output in the Debian binary package. 2) scripts like git-version-gen that uses 'git describe' plus some additional magic to determine the version number, and it may fail to understand which version it is when parts of the git history is missing. 2) git bundles [built from a git clone of a remote repository] are not guaranteed to be reproducible, so with this approach there is no canonical bit-by-bit identical data stream that corresponds to what upstream intended to be released. This makes it hard to attach any cryptographic signature in a meaningful way. I think this idea has potential, and these two concerns should not be showstoppers. It is orthogonal to tag2upload though, and I don't think exploring the *.orig.bundle.* approach should block tag2upload. /Simon
signature.asc
Description: PGP signature
