On 25.06.24 23:14, Salvo Tomaselli wrote:
> I think that the very same people who never check what's in a tarball are very unlikely to start checking diffs.
IMHO you're mistaken.

(a) Checking the source package is not a one-liner. You need to untar to someplace temporary, run a recursive diff (remembering to not skip new files), then clean up the tempdir.
On the other hand, "git log --patch up..deb" is one simple command; you even can add a shell alias or git alias for it.
(b) people (both the maintainer and others) routinely look at git changelogs, including with --patch or --stat.
I have no idea how unlikely my personal preferred workflow is, being a sample size of one, but I have literally never examined a just-assembled source package. On the other hand I run various "git log" commands habitually, and based on the nonsense I did find on several of those occasions I believe I'd notice strange changes pretty soon(ish).
-- 
with kind regards
Matthias Urlichs
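The multi-step tarball check described in point (a), wrapped into one reusable function so it can be aliased as easily as the git command in the reply. This is an added example, not code from the mail or from any Debian tool; the function name `check_source_tarball` is made up, and it assumes POSIX sh with tar, diff and mktemp, and a tarball containing a single top-level directory.

```shell
#!/bin/sh
# Added example (not from the mail): untar to a temp dir, recursive diff,
# clean up. Assumes POSIX sh, tar, diff, mktemp.

# check_source_tarball TARBALL SRCDIR
#   Extracts TARBALL into a fresh temporary directory, diffs it recursively
#   against SRCDIR (-N reports files present on only one side instead of
#   skipping them), then removes the temporary directory regardless of
#   the outcome.
#   Returns 0 when the trees are identical, 1 when they differ, 2 on error.
check_source_tarball() {
    tarball=$1
    srcdir=$2
    tmpdir=$(mktemp -d) || return 2

    if ! tar -xf "$tarball" -C "$tmpdir"; then
        rm -rf "$tmpdir"
        return 2
    fi

    # Name of the single top-level directory inside the tarball (assumption).
    top=$(tar -tf "$tarball" | head -n 1 | cut -d/ -f1)

    # diff returns 1 on differences; capture that instead of letting
    # set -e abort before the cleanup below.
    if diff -rN "$srcdir" "$tmpdir/$top"; then
        rc=0
    else
        rc=$?
    fi

    rm -rf "$tmpdir"
    return "$rc"
}
```

Usage: `check_source_tarball ../pkg_1.0.orig.tar.gz .` from the packaging tree; a non-zero status means the assembled tarball does not match the tree. The git counterpart from the reply can be shortened the same way with a git alias, e.g. `git config alias.debdiff 'log --patch up..deb'` (branch names as used in the mail; the alias name is an assumption).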