New supply-chain security tool: backseat-signed
Sean Whitton
spwhitton at spwhitton.name
Sat Apr 6 11:13:22 UTC 2024
Hello,
On Fri 05 Apr 2024 at 01:31am +03, Adrian Bunk wrote:
>
> Right now the preferred form of source in Debian is an upstream-signed
> release tarball, NOT anything from git.
The preferred form of modification is not simply up for proclamation.
Our practices, which are focused around git, make it the case that
salsa & dgit in some combination are the preferred form for modification
for most packages.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240406/5b56e8a4/attachment.sig>
More information about the rb-general
mailing list