> Why aren't sources packed into a single archive, the way rpms files
> are?
I think the reasoning is that each debian-revision consists of only
small changes and patches to the upstream sources, so why re-upload
the upstream sources.
Personally, I think the whole Debian source packaging scheme needs
a major overhaul. Too often, the .orig.tar.gz part of the package
gets separated from the .dsc and .diff.gz parts.
Plus, the naming convention of the .orig.tar.gz part requires ripping
apart the original upstream tarball and renaming everything. This
means that if the .orig.tar.gz file gets lost (one package I took
over is in this situation), it's almost impossible to retrieve the
upstream version, rename everything exactly as the original
maintainer did, repack it, and have the same md5sum checksum.
Of course, this also means we cannot implement a automated system where
we can check the .orig.tar.gz files in our source distribution against
the upstream source distributions (located on well known web sites).
And forget implementing a system where upstream developers PGP sign
the checksums of their packages. Our current source packaging scheme
works mostly -- but in the long run it is going to open us up to
being infiltrated by "trojans".
Instead of having one type of source package, we should have two
different types:
Upstream source package (.upsdeb?):
- contains original "tarballs", patches, etc. in pristine format,
not renamed or anything
- control file lists files, renamed name, description, upstream
contacts, debian maintainer, section, etc.
- pgp signatures/checksums (if available)
- list of URL's (ftp and http) where pristine sources are
available - include multiple locations if possible
- LSM entries
Debian source package (.sdeb?):
- contains equivalent of .diff.gz and .dsc
- control files
- can depend on multiple upstream source packages
- can depend on having certain .deb's installed on
maintainers system
- fields currently in .dsc file
- list of .deb files generated (can generate multiple .debs)
- files in /debian directory (not patches)
- patches for upstream source packages
- debug directory to store alternate libraries with debugging
information linked in + debugging symbols and links. This
way we could hack together some scripts that would enable
anybody to start a debugging system on any Debian-based
executable on the system, and the appropriate source package,
debugging symbols, and source files could be pulled in off
the Internet automatically.
Debian binary package (.deb):
- control file lists .sdeb which generated it
In the source archive, the .upsdeb packages could be stored
in a separate directory "/upstream" below the directories where
.sdeb packages are stored.
ie.
/hamm/non-free/binary-i386/devel/jdk1.1-runtime_1.1.1-5.deb
/hamm/non-free/binary-i386/devel/jdk1.1-dev_1.1.1-5.deb
/hamm/non-free/binary-i386/docs/jdk1.1-docs_1.1.1-5.deb
/hamm/non-free/source/devel/jdk1.1_1.1.1-5.sdeb
/hamm/non-free/source/devel/upstream/jdk1.1_1.1.1.upsdeb
The .deb, .sdeb, and .upsdeb could all maintain the same basic
format (ie. an ar file, with a control.tar.gz section, and
a data.tar.gz section).
Comments?
Cheers,
- Jim
Attachment:
pgpNsd54ooalu.pgp
Description: PGP signature