Joerg Jaspert <jo...@debian.org> writes: > On 17265 March 1977, Russ Allbery wrote:
>> Does anyone think I've missed anything? > Yah. About the whole first half of my mail. I don't understand. Are you saying that if dak checks the signature on the tag, you no longer need to check an uploader signature on the contents of the source package and are okay with the tag2upload signature on the final source package? I thought these were two separate things, but yes, if you're fine with dak checking the signature on the Git tag without having an uploader signature on the final source package, that means this difference may not be irreconcilable (and also that I didn't understand the second part of your message, but that's a separate issue). > The API details need to be defined, of course, but the basic idea is > there and sounds good, and I believe one can get t2u and dak > interoperate with that with about all of the client side requirements > the t2u people want to have stay intact. This would be great news, certainly. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
