For the first question, let me try to think some more first. The second one is simpler:
Niels Möller via Sigsum-general sigsum-general@lists.sigsum.org writes:
- Elias noticed that the --version option doesn't work as expected for the sigsum-go tools in debian. See https://git.glasklar.is/sigsum/core/sigsum-go/-/issues/150
I think we need additional hooks to make this easy to set appropropriately in the packaging. Suggestions on how to do this in a good way is appreciated. It would be nice if we could get this improved for the next sigsum-go release, which will likely happen in a week or two.
That is a common problem with many (maybe even most) Go packages, so Sigsum is in good company having useless --version in Debian.
One common pattern to resolve this is to use linker flags like you suggest, and this is used in some Debian packages already like this:
https://salsa.debian.org/go-team/packages/age/-/blob/debian/sid/debian/rules...
Variations on the name exists, including 'main.Version', 'main.version', 'version.Version', 'version.Revision', and some packages even include the full namespace as in -ldflags "-X sigsum.org/sigsum-go/version.Version=$V" which would make sense in a library or where multiple versions are useful to record at the same time.
If you support a scheme like that, it is easy to make use of it in packaging.
/Simon