+let us assume that it is not possible for new to have a version older than sid
+Whenever pushing, check for
+ source-package-local tainted history
+ global tainted history
+ can be overridded by --deliberately except for an admin prohib taint
+ALL of the following apply only if history is secret
+if NEW has a version which is in our history[1]
+ (on push only)
+ require explicit specification of one of
+ --deliberately-include-questionable-history
+ --deliberately-not-fast-forward
+ (will taint old NEW version --d-i-q-h)
+ (otherwise)
+ leave it be
+if NEW has no version, or a version which is not in our history[1]
+ (always)
+ check all suites
+ if any suite's version is in our history[1], publish our history
+ otherwise discard our history,
+ tainting --deliberately-include-questionable-history
+[1] looking for the relevant git tag for the version number and not
+ caring what that tag looks for
+Want some invariants or properties
+ - .dsc of published dgit package will have corresponding publicly
+ visible dgit-repo (soon)
+ - when a new package is rejected we help maintainer avoid
+ accidentally including bad objects in published dgit history
+ - .dsc of NEW dgit package has corresponding dgit-repo but not
+ publicly readable
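Review bot: footnote [1] defines "in our history" as finding the git tag for the version number "and not caring what that tag looks for", so every rule above that decides whether secret history is published or discarded depends on a tag name alone. Please state whether that is intended, and what the push check should do when a tag with that version name exists but refers to different objects than the ones in NEW or in the suite. Also reword "looks for", which reads like a slip for "looks like" or "points to". The opening assumption that NEW cannot have a version older than sid is given without saying what happens if it turns out false; a line on the expected failure behaviour would help. Smaller points: "overridded" should be "overridden"; "prohib" and "--d-i-q-h" should be spelled out; "tainting --deliberately-include-questionable-history" should say whether it means a taint that this flag can override; and "(soon)" in the first invariant needs a definition if it is meant to be a property someone can check.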