Hi, On 1/9/26 5:40 AM, Otto Kekäläinen wrote:
With this also anyone auditing a potential backdoor can reproduce the import and (directly) see it came from upstream and not from the maintainer in Debian.
Would it make sense to have a common "convert git tree to orig archive(s)" tool that is used by both uscan and tag2upload?
Simon
