Hi, * Ian Jackson <[email protected]> [2026-02-11 18:13]: > > >I am especially concerned about this action flipping some switches > > >either in my repository or in the archive that might prevent me > > >from switching back to the classical workflow in the case I don't > > >like the result. > > Come on, it's just a tag: to see what happens you can run "git > > debpush --tag-only" and then check that the repository has not been > > maimed. > > And if you want to rollback then you can just delete the tag. > Well, that argument doesn't prove that the tag2upload system wouldn't > act on that tag in a way that would "flip some switches" which would > somehow interfere with future dput-based uploads. After all the whole > point is that the uploader simply signs a tag and then the tag2upload > service does Much Complicated Stuff.
I think many of us needs to understand how the system works under the hood to trust it. The best explanation I found was in the sevice design document[1]. I have the feeling that at least the overall structure and dataflow could be added to the manual page. Before reading this doc, I had questions about how the package was uploaded. Do I need ssh access somewhere? Do I need to push to a special repository? How is it related to dgit? As a DM, I was also wondering whether I had the right access to use it (it’s clear now, I only need push access to salsa). On a separate topic, now I want to try to use dgit (and git-debrebase!), but I did not find how pushing to the dgit repo is done (I suppose it needs my ssh pubkey), maybe it’s not possible for a DM, or maybe git-debpush renders dgit push obsolete? Nicolas. [1]: https://salsa.debian.org/dgit-team/dgit/-/blob/main/TAG2UPLOAD-DESIGN.txt
