[Pkg-mozext-maintainers] Bug#591579: Bug#591579: RFP: https-everywhere -- browser extension to enforce SSL browsing according to rules

[Jérémy Bobbio]

On Wed, Aug 10, 2011 at 09:03:19PM -0300, Rogério Brito wrote:
> Regarding one point that Axel mentioned about using pristine-tar,
> unfortunately, the tor project only seems to release xpi files, which are
> actually zip files, but pristine-tar only supports gzip or bzip2 compressed
> tar files.

Using pristine-tar on the repackaged tarball that are produced by uscan
is also an option. Then anyone can use the package Git repository to
reproduce the source.

> * grab our tarballs from https://gitweb.torproject.org/https-everywhere.git,
>   but, AFAIK, we loose the automation of checks with uscan and with uupdate

For Torbutton, I am using the upstream Git repository (and
git-buildpackage) as my way to generate the .orig.tar.gz. As releases
have (signed) tags, I consider it sufficient.

You can have a look at the debian/README.source of torbutton, it might
help to get a better idea of the procedure involved.

You can always have a watch file for the PTS on top of that.

Cheers,
-- 
Jérémy Bobbio                        .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozext-maintainers/attachments/20110811/5b16ac0c/attachment.pgp>