Hi, On Fri, 2024-06-21 at 09:26 -0700, Russ Allbery wrote: > Ansgar 🙀 <ans...@43-1.org> writes: > > > I would still like to understand how your packages would not work with > > the suggested integrity check. Could you give an example, possibly with > > a reference to a Git repository as well? > > https://tracker.debian.org/pkg/tf5 > > See the "debian patches" link in the right sidebar.
The only published branch (debian/unstable) looks like it would be trivial to for git-debpush to compute an integrity hash as suggested using only a bit shell around Git commands (no dpkg, dgit or anything)? (AFAIU git-debpush would already check that patches apply cleanly here, so it could provide hashes of either patches-applied or patches- unapplied.) It's a classic 3.0 (quilt) package with a manually maintained patch queue that isn't magically assembled in any way (at least not in any way relevant to the published repository)? Could you point me a bit more into the direction of the problem? As I don't see it yet. And https://udd.debian.org/patches.cgi?src=tf5&version=5.0beta8-12 vs https://salsa.debian.org/rra/tf5/-/tree/debian/unstable/debian/patches?ref_type=heads does not look too different either. I don't see why you couldn't point upstream there? There are no intermixed commits, some of which are to Debian files and some of which are to upstream files there? Nor does it require a whole bunch of Git knowledge to extract anything vaguely useful from that? Ansgar
