Matthias Urlichs writes ("Re: [RFC] General Resolution to deploy tag2upload
[and 1 more messages]"):
> Say I need to apply a security patch to some package's git tree on
> Salsa. How can I be sure to even create the same source tree as the
> previous uploader? I don't know which tool the maintainer used, nor the
> options supplied to it, so I can't.
This is the security uploader's version of my blog post
https://diziet.dreamwidth.org/9556.html titled:
Get source to Debian packages only via dgit;
"official" git links are beartraps
> Thus I need to ignore the maintainer's git tree in favor of "apt-get
> source",
`dgit clone` will automate this for you, including importing the
source into git. As a bonus, if the maintainer used `dgit push`,
you get their git history, not just a .dsc import.
This is the security uploader's version of my blog post
https://diziet.dreamwidth.org/17579.html titled:
Don't use apt-get source; use dgit
Sadly if there was a previous security upload, that won't have been
done via dgit push, because that's not supported. That's
#1050143 dgit: support uploading to security-master
I'm kind of hoping that if tag2upload becomes popular, there will be
additional momentum there. It's not trivial - there's real work
involved, on the part of multiple teams.
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
