Kurt Roeckx writes ("Re: [RFC] General Resolution to deploy tag2upload"):
> [how about a design which includes:]
>
> - there exists some tool that can extract the information >from the
> DSC, verify the git signature, and that it generates a tar with
> the same content?
The difficult part is "the same content". Converting a maintainer's
git tree into a corresponding list of files for the .dsc is far from
trivial.
It's trivial in simple cases. For example, with a native package, the
git tree is identical to the extracted source package.
In the full generality it's very complicated. dgit has thousands of
lines of code to deal with all of the edge cases and malbehaviours and
disagreements amongst the various tools.
For example, you perhaps knew that git and dpkg-source disagree about
how to represent "commit message" information in a patch file. But
did you know that they can disagree about the *file changes* implied
by a patch ?
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
