Hello, On Sat 15 Mar 2025 at 06:11pm +11, Stuart Prescott wrote:
> I would, however, reject that claim that the text is not ambiguous as > TAGOBJID is defined nowhere in policy, TAG2UPLOAD-DESIGN.txt, the dgit > documentation, dgit source code, git documentation, or even in the git > source code. The only mentions of a TAGOBJID I can find anywhere are > in the gitk and cgit source code and that's not a source of normative > definition for policy. It's fine to make up terms for the purposes of > documentation but when it's not a well-known term, it cannot be used > without some definition somewhere. I didn't follow you here because my patch says "TAGOBJID is ..." which is a definition. Otherwise, I've revised the patch to address everything, I think. Note that these new fields are in the archive, now, indeed in trixie. Seeking seconds. Thanks! -- Sean Whitton
From 1dd537efa7bff1993273f24f85daf0468f73b302 Mon Sep 17 00:00:00 2001 From: Sean Whitton <spwhit...@spwhitton.name> Date: Wed, 1 Jan 2025 19:14:06 +0000 Subject: [PATCH v4] Document Git-Tag-Tagger and Git-Tag-Info fields --- policy/ch-controlfields.rst | 61 ++++++++++++++++++++++++++++++++++ policy/upgrading-checklist.rst | 9 +++++ 2 files changed, 70 insertions(+) diff --git a/policy/ch-controlfields.rst b/policy/ch-controlfields.rst index 3151816..9769235 100644 --- a/policy/ch-controlfields.rst +++ b/policy/ch-controlfields.rst @@ -237,6 +237,10 @@ is described above, in :ref:`s-controlsyntax`. - :ref:`Dgit <s-f-Dgit>` +- :ref:`Git-Tag-Tagger <s-f-Git-Tag-Tagger>` + +- :ref:`Git-Tag-Info <s-f-Git-Tag-Info>` + - :ref:`Standards-Version <s-f-Standards-Version>` (mandatory) - :ref:`Build-Depends et al <s-sourcebinarydeps>` @@ -291,6 +295,10 @@ The fields in this file are: - :ref:`Changed-By <s-f-Changed-By>` +- :ref:`Git-Tag-Tagger <s-f-Git-Tag-Tagger>` + +- :ref:`Git-Tag-Info <s-f-Git-Tag-Info>` + - :ref:`Description <s-f-Description>` (mandatory in some cases) - :ref:`Closes <s-f-Closes>` @@ -1307,6 +1315,53 @@ This list is intentionally incomplete. You should consult the documentation of the tool or package in question for which keywords it defines and when they are needed. +.. _s-f-Git-Tag-Tagger: + +``Git-Tag-Tagger`` +~~~~~~~~~~~~~~~~~~ + +Name and e-mail address of the person who made the Git tag from which this +upload was generated (and to which it corresponds) in accordance with the +tagging protocol described in the :manpage:`tag2upload(5)` manual page and +`TAG2UPLOAD-DESIGN.txt +<https://salsa.debian.org/dgit-team/dgit/-/blob/master/TAG2UPLOAD-DESIGN.txt>`_. +The syntax is the same as for the :ref:`Maintainer field <s-f-Maintainer>`. +The values for the name and e-mail address originate in the ``tagger`` line of +the raw Git tag; they are transformed as necessary to satisfy the field's +syntax. + +Uploads signed by an implemention of the tag2upload service must include this +field. Uploads not generated in accordance with the tag2upload protocol must +not include this field. + +.. _s-f-Git-Tag-Info: + +``Git-Tag-Info`` +~~~~~~~~~~~~~~~~ + +Other information about the Git tag from which this upload was generated (and +to which it corresponds) in accordance with the tagging protocol described in +the :manpage:`tag2upload(5)` manual page and `TAG2UPLOAD-DESIGN.txt +<https://salsa.debian.org/dgit-team/dgit/-/blob/master/TAG2UPLOAD-DESIGN.txt>`_. + +The value is of the form ``tag=TAGOBJID fp=FINGERPRINT`` where ``TAGOBJID`` is +the Git object ID of the Git annotated tag object, [#]_ and ``FINGERPRINT`` is the +fingerprint (in hexadecimal, without spaces) of the PGP key used to sign the +Git tag. Other space-separated ``keyword=value`` items may be introduced in +the future, and users of this field must ignore items with unknown keywords. + +``FINGERPRINT`` is taken from the first field of the ``VALIDSIG`` line emitted +by :manpage:`gpgv(1)`, as specified in ``/usr/share/doc/gnupg/DETAILS.gz`` +from the ``gnupg`` package. This will generally be the fingerprint of the +signing subkey, if one was used, and the primary key's fingerprint otherwise. + +The Git annotated tag object is obtainable from the *dgit-repos* server, as +described under ``Dgit``, above. + +Uploads signed by an implemention of the tag2upload service must include this +field. Uploads not generated in accordance with the tag2upload protocol must +not include this field. + .. _s5.7: User-defined fields @@ -1443,3 +1498,9 @@ details. .. [#] That is, the parts which are not the ``.dsc``. + +.. [#] + Annotated tag objects have distinct IDs from the IDs of the commits to + which they point. Many Git commands on operating on tags dereference the + tag immediately, and show you the ID of the commit object and not of the + tag object, but these are not the same. diff --git a/policy/upgrading-checklist.rst b/policy/upgrading-checklist.rst index 3ead284..2f12a72 100644 --- a/policy/upgrading-checklist.rst +++ b/policy/upgrading-checklist.rst @@ -39,6 +39,15 @@ The sections in this checklist match the values for the except in the two anomalous historical cases where normative requirements were changed in a minor patch release. +Version 4.7.3 +------------- + +Unreleased. + +5.6.32 & 5.6.33 + New sections documenting the ``Git-Tag-Tagger`` and ``Git-Tag-Info`` + fields in Debian source control and ``.changes`` files. + Version 4.7.2 ------------- -- 2.47.2
signature.asc
Description: PGP signature
