Simon Richter writes ("uscan and tag2upload"):
> On 1/9/26 5:40 AM, Otto Kekäläinen wrote:
> > With this also anyone
> > auditing a potential backdoor can reproduce the import and (directly)
> > see it came from upstream and not from the maintainer in Debian.
>
> Would it make sense to have a common "convert git tree to orig
> archive(s)" tool that is used by both uscan and tag2upload?
Do you mean git-deborig, which already exists?
--
Ian Jackson <[email protected]> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
