Package: pristine-tar Version: 1.26 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi Joey, I'd prefer not to have an isolated branch for the pristine-tar data but to have a folder in debian/ e.g. debian/pristine-orig/ to hold the data of pristine-tar. First it happens often that people make mistakes when committing a tarball with pristine-tar. It's hard for git novices to reset the pristine-tar branch to undo the commit. It's much easier to delete a delta file from the filesystem instead of commiting it. Second it seems to be the right thing to have everything in one branch. - - If I tag my debian release with a signed git tag I sign just the master branch. An attacker could still try to manipulate the pristine-tar branch. - - It might be possible that the pristine-tar branch gets lost or isn't up to date with the version referenced in the changelog in the master branch. Regards, Thomas Koch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRCXQ6AAoJEAf8SJEEK6ZaOWUP/3S7B48vosGZ2KJvY01M7CVc aj0xzPCrWHzHMOKADUg1GftvkwhUij5mNABuH0zbIRryQAoSkLnX6DywR+mlFR7p sdbXx29d1mTRilB6gia5a9vydS9cgszpggLH5uwjvfc6SCZQ7HDaAZEdeT5JhaKV 7fkFetqcccOS4Qp0ZIvOvIdJsmbNg+GEKV4yqSs+SotzdY5AIDzROsyVUwmEQ2Ma VTcT29PiErpDI5M30jeQ8too98g9ralauOA3Pw87W+REsnFrpCSpq0Y66zkC+FcM ceXYwR102Rj4RxEXvPLtPy8gPAXmi8vCXVGSv/rvoaq13Tj3xh22yk2msuTKQ7BR KhJ5vwEIZRuOzRBhJL/susgeeXs/HK+kIY8a9zqLlOgdlP7tbg5c1/1GRl6nAzlD es6kTgPj6jlVm++0teoksQ+89ASBLsn00ddNYcntZ/+W4HmVBpSAidqRMtWq2drW ximGlunklS5qA8jWztyzvpEg4kgsmpYjUWpBqE3di8U+ffx3oL0DqHfQDtkLPVfk c8j1sXaBabM9PL+SNwhZM+OaqQN1iZWq1Aa/kAyNI6AKGUG1AXSFGcSnDvEO0wPC 5vO49ge86dpy5tJsipXsngEjTRFLaHUdkwnb+2giMe4cYo7hkUE6L367/08312Hw yCEwk7j0sUkHZDgRBhiH =waGz -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
