creating the arpwatch repo

[Lukas Schwaighofer]

Hi everybody,

I've officially joined your team today, looking forward to working with
you :) . I will probably create a bit of noise asking questions in the
next few weeks… starting now:

I want to setup the git repsoitory for arpwatch. I've followed the
guide on the team wiki to create the repo on alith. I just want to
confirm the repository layout I should choose to be compliant to DEP-14:

* upstream code will be pushed to a branch called 'upstream/latest'
* the packaging will be in 'debian/master'
  - I also intend to push my updates into this branch, even though the
    upload targets experimental, since I expect all of this to also be
    part of the next upload to unstable (after stretch release)
* pristine-tar will go into the 'pristine-tar' branch


Two related questions:
* I started working on the package on top of the existing arpwatch
  packaging repository on collab-maint; as pushing interact with the BTS
  (tagging any fixed bugs as pending), does pushing the complete repo
  (containing "old commits" with fixes to old bugs) into the repository
  create any problems?
* Regarding tagging of the Debian releases in git: DEP-14 recommends,
  but does not require, signing the tags.  Should I create a signed tag
  (after a DD has sponsored the upload) myself or will the uploading
  DD do that (so the tag has a verifiable signature)?


Thanks
Lukas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170407/bd5391cd/attachment.sig>