New supply-chain security tool: backseat-signed

Sean Whitton spwhitton at
Sat Apr 6 11:13:22 UTC 2024


On Fri 05 Apr 2024 at 01:31am +03, Adrian Bunk wrote:

> Right now the preferred form of source in Debian is an upstream-signed
> release tarball, NOT anything from git.

The preferred form of modification is not simply up for proclamation.
Our practices, which are focused around git, make it the case that
salsa & dgit in some combination are the preferred form for modification
for most packages.

Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <>

More information about the rb-general mailing list