Hi,

On Wed, 11 Feb 2026 at 19:52, Sean Whitton <[email protected]> wrote:
...
> For example, I maintain or team half-maintain maybe 90 packages in
> total, and none of them use pristine-tar.  So the only case where I
> cannot use tag2upload is when I need to upload to NEW, which is not
> often.  Therefore tag2upload is my default way to upload, because why
> wouldn't it be, it's so smooth and easy.

Your own packages would be a great reference *if* they would be
maintained more like the majority does, but it does not seem like
that.

Looking at the 11 packages you personally maintain listed at
https://udd.debian.org/dmd/?email1=spwhitton%40spwhitton.name&nouploader1=on&nosponsor1=on&email2=&email3=&packages=&ignpackages=&format=html#todo
I see that:

- None of them are hosted on salsa.debian.org, unlike most Debian
packages nowadays (which brings along with it several workflow aspects)
- 10 out of 11 have a broken uscan result as reported by Debaudit,
indicating that you maybe don't care to maintain watch files (while
most other DDs do maintain them)

Respectfully, since you are not using the workflows most other people
do, you are probably blind to the shortcomings in end-to-end workflows
of the systems you develop. I wish you were more open to feedback to
learn about the shortcomings and willing to address them.

...
> I would encourage everyone reading to try 'git debpush' so we can move
> on from this situation, towards one with greater mutual understanding.

I understand you want people to try using 'git debpush' and you think
it is perfect as-is, but as many people are pointing out issues, would
it not be more productive to try to just fix them?

The biggest item is pristine-tar support, as tracked in #1106071.
That would be a technical fix to get adoption of tag2upload. Other key
ones would be #1110269 to deposit upstream release tags and #1111331
to have git push include checking CI status and block uploads if CI is
in use and shows a regression.

I have used tag2upload on a small scale, but I won't use it for
important packages until it supports maintaining the software
supply-chain validation mechanism that Debian has been using for
decades, and which also e.g. Fedora, SUSE, Arch and basically all
other distros use, which is to compare the checksum of the original
source tarballs. Your co-author is calling this a 'fetish' so he
clearly isn't going to implement or accept any external person's
implementation, but if you could do it we might get over this gap and
actually use tag2upload project-wide.

Thanks,

Otto
