On Sun, Nov 22, 2009 at 11:20:03AM +0100, Raphael Hertzog wrote: > It has been suggested on IRC that having dpkg-source switch back to > native mode if it can't find the .orig tarball was probably a bad idea > from the beginning and that it tends to confuse people. However, > with the addition of new formats, I generalized that concept of > fallbacks... I believe this is a mistake. Indeed, having dpkg autodetect stuff was a bad idea; it not only tends to confuse people, it also compromises reproducability. With the introduction of a new source format, we have an opportunity to fix this mistake. We should not make dpkg-source build a source package in a particular format based on a set of guesses, because that is going to break at one point or another. Instead, the way one particular format is chosen should be the result of a well-documented and deterministic set of things; a single file such as debian/source/format is perfect. It is of course perfectly fine for dpkg-source to error out if it detects that things are not completely in order, or if it detects that features were requested that are not supported with the source format that is in use. But it should not silently assume another format is probably to be used if things are not entirely what they should have been. Otherwise a whole can of worms will be opened that I do not think we want to open: Currently, if I want to avoid that my package gets built as a 1.0 native package, I just need to make sure that there is a .orig.tar.gz file somewhere. This is not very nice, but it is something we can live with. However, if the situation changes so that if I want to avoid that it gets built as a 3.0 package, I have to make sure not to run dpkg-source in this way, and that this file does not exist, and that I do not try to do those other three things either, then the system loses a lot of deterministic attributes, which would be bad. Consider what happens to debhelper: if there is no debian/compat file and the environment variable DH_COMPAT is not set, then debhelper assumes compatibility level 1, and starts yelling and screaming; however, debhelper will still build the package, for as much as is reasonably possible. I believe dpkg-source should work in a similar way: if there is no debian/source/format file, dpkg-source should not try anything beyond 1.0 level formats. Or, in short: autodetection is evil. -- The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system. http://www.schneier.com/blog/archives/2009/01/biometrics.html
Attachment:
signature.asc
Description: Digital signature