Format: 1.8
Date: Tue, 03 Sep 2024 13:55:01 +0100
Source: dgit
Architecture: source
Version: 11.11
Distribution: unstable
Urgency: medium
Maintainer: Ian Jackson <ijackson@chiark.greenend.org.uk>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Closes: 1069001
Changes:
 dgit (11.11) unstable; urgency=medium
 .
   [ Ian Jackson ]
   * dgit-repos-server, tag2upload support:
     - Introduce t2uv_* prefix to distinguish trusted parts of t2u flow.
     - New parameter for mail addresses to Cc error messages to.
   * dgit-repos-server, general:
     - New always-accept AUTH-SPEC.
     - Fix & update some debug printing.
     - Some other refactorings.
   * Dgit.pm:
     - git_rev_parse: New \@prefix parameter.
 .
   * dgit: Fix documentation of the rpush protocol.
   * TAG2UPLOAD-MANAGER-PROTOCOL.md: New protocol specification.
 .
   * Test suite:
     - New .gitlab-ci.yml to enable salsa CI.
     - Pass --no-same-owner to tar. Fixes running the tests as root.
     - Move some variables out from tests/drs-git-ext to tests/lib.
     - tag2upload: Check for drs dgit success (t-tagupl-succeeded).
     - tests/enumerate-tests: New facility for printing package names.
     - Various renames to replace 'tagupl' abbreviation with 't2u'.
       Not yet complete.
 .
   [ Sean Whitton ]
   * dgit:
     - Check that a source-only changes has "Architecture: source".
     - New --expect-suite, --expect-version options for rpush.
       The initiator now checks the values of these options, and that of
       -p/--package, against the parsed changelog, .changes and .dsc sent
       by the responder. This protects against a misbehaving or
       compromised responder attempting to use the initiator to sign
       .changes and .dsc files for some other package, version or target
       suite. This is relevant for how the security of the tag2upload
       design relies on the rpush protocol.
     - New --tag2upload-builder-mode, --tag2upload-upstream and
       --tag2upload-upstream-commit options.
       These are used to invoke mini-git-tag-fsck in the right way, and
       --tag2upload-builder-mode may enable other things in the future.
       (As of this release, they are not yet passed by dgit-repos-servers.)
 .
   * git-debpush: Add source= & version= to the in-tag metadata
     (for real this time) (Closes: #1069001).
 .
   * dgit-repos-server, tag2upload support:
     - Obtain the source package and version from the [dgit ...] metadata.
       (The target suite is still obtained from the first line of the tag
       message; this will change.)
     - Replace invoking 'dgit push-source' with 'dgit rpush-source'.
       This is work towards the new tag2upload three node design.
     - Pass the new --package, --expect-suite and --expect-version.
     - Some other tidying up.
 .
   * TAG2UPLOAD-DESIGN.txt: Document SOURCE_VERSION.git.tar.xz.
   * mini-git-tag-fsck: New script to handle SOURCE_VERSION.git.tar.xz.
     Its functionality is only partially implemented as of this release.
 .
   * Test suite:
     - Test the new rpush security by mocking up an MITM of the responder
       (tests/ssh-rpush-mitm).
     - Very basic test for --tag2upload-builder-mode.
     - t2u-gbp: Drop an unnecessary, confusing include.
 .
   * Update copyright notices for Ian and me for core files.
   * Add .dir-locals.el.
   * Add some file mode indicators in various places.
 .
   [ Sean Whitton & Ian Jackson ]
   * Add TAG2UPLOAD-FAQ.md.
     With thanks to Russ Allbery for review.
Checksums-Sha1:
 f134ed54c801049f53053daf8861a08e9378be1f 2286 dgit_11.11.dsc
 b568fbe84e25e77fc5d062bca55af3eb23340da8 729245 dgit_11.11.tar.gz
Checksums-Sha256:
 9c453ab013054616ed8546563a974df6714b09a35e5fe18e1d1cdb0711d79ebf 2286 dgit_11.11.dsc
 5c9c9cad0f784f85f8a8b163185ccbed30d4e17638fdd0a7e1013f7a55f1773a 729245 dgit_11.11.tar.gz
Files:
 8b78a7b9398e777a589bba0581d57a83 2286 devel optional dgit_11.11.dsc
 147b5112617df284318bd981d0d6deba 729245 devel optional dgit_11.11.tar.gz