On 2019-08-28 16:00:10 -0400 (-0400), Sam Hartman wrote: [...] > It seems particularly attractive when upstream doesn't produce > tarballs and instead does their development in git. [...]
Not to be a pedant, and it probably wasn't what you meant to imply either, but I want to be clear that upstreams can produce tarballs as their official distribution format while also performing their development in Git repositories. In some cases where I'm directly involved, information like changelogs, release notes and version numbers are handled as Git metadata and then "exported" into the tarball artifact via a sort of `make dist` activity. The signed tarballs are treated as the actual release artifact, and the Git repositories are considered an upstream development implementation detail. While some package maintainers may see this as a reason to prefer packaging those projects directly from tagged Git repository states, that does necessarily imply performing similar steps to generate or extract this metadata for use in their packages. Others may simply wish to consume the prepared tarballs where this step has already been performed for them. -- Jeremy Stanley
signature.asc
Description: PGP signature
