Timo Röhling <roehl...@debian.org> writes: > Would it be possible for tag2upload generate some sort of log or diff of > its operation? Then, a verifier does not have to reimplement the whole > dgit logic with all its edge cases, it merely has to apply the same tree > transformation(s) as t2u and verify that this will indeed produce the > source package from the signed Git tag.
I believe that's what tag2upload pushes to the dgit-repos server, although I'm not sure that exactly matches what you're asking for. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
