Hello Forum: Thanks for your prompt reply.
On 01/03/16 06:51, Paul Wise wrote: > On Tue, Mar 1, 2016 at 1:05 AM, Jerome BENOIT wrote: > >> I am on my way to package a software whose the upstream source is >> available at github with only commits: the upstream team uploads >> new material the last Friday of each month, but without emitting >> any tags. Can we use uscan (version 4) for such a scheme ? > > While uscan now supports checking remote git repositories, it relies > on git tags to find new releases so that feature isn't useful to > you. Indeed. > > You might be able to use pagemangle or one of the other new features > to hack around this, depending on the content of the github HTML. Of course, the version is somewhere in the source: the issue would be solved if the automates could play with the involved file. > > The best would be to convince upstream to do proper releases (with > tags and tarballs) and sign the commits, tags and tarballs with > OpenPGP. > > https://wiki.debian.org/debian/watch#Cryptographic_signature_verification > https://help.riseup.net/en/security/message-security/openpgp/best-practices I am agree. But, unfortunately, [s]he seems very reluctant: [s]he put the request on the so called WhishList, but I think that [s]he does not understand the issue. > > At worst you could set yourself calendar reminders for every > Friday/Saturday. > On the other hand, I am packaging on behalf of a Debian Team: the packaging must be canonical and fully supported by automates. > If you want more specific info, you would need to mention a crucial > detail; which github project is this? > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802176 https://github.com/IDRSolutions/maven-OpenViewerFX-src Thanks, Jerome