On Wednesday, August 13, 2025 2:26:13 PM Mountain Standard Time Andrew Bower wrote: > I just tried this on one of my packages, successfully with both > uscan > and > gbp import-orig --uscan > > using this watch file: > > version=4 > opts="mode=git,pgpmode=gittag" \ > https://gitlab.com/abower/sysv-rc-conf.git/ refs/tags/v([\d\.]+) > > https://salsa.debian.org/debian/sysv-rc-conf/-/blob/debian/latest/debian/watch > > I don't actually use either workflow though because one of the benefits > of signed tags as release artefact is that the import process simplifies > to 'git merge' instead of the tarball unpackaging which I still find > dodgily opaque. > > However, I would be interested in understanding more about if/how Debian > can handled signed upstream tags elsewhere - there doesn't seem to be > any way of checking it after maintainer import. > > I'd be interested to hear what else you discover in this process!
Thanks, that is very helpful. -- Soren Stoutner [email protected]
signature.asc
Description: This is a digitally signed message part.
