[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])

[ Please don't Cc: public replies to me. ]

Joey Hess:
> Not really. You could handle it just like redhat does in the srpm files: you 
> have a shell script that is responsible for unpacking the package into a 
> specific directory and applying all patches to it.

That would make it potentially dangerous to unpack a Debian source
package. Not a good idea, I think.

> wouldn't it be enough to allow people to view the unpack script before 
> they use it to unpack the package?

They might not understand enough about shell scripts (or Perl, or
whatever the script is written in) and whatever tools the script uses
to make an informed decision of whether the script is safe. With the
current scheme, they only have to trust gzip, tar, patch, and chmod,
if they unpack it manually. Also, with the current scheme it is
_simple_ to unpack it manually, and the method is always the same.

You might want to unpack a source package for other reasons than
to build it -- e.g., I've sometimes searched for documentation. A
non-programmer might want to do this so that they can typeset the
documentation in LaTeX, instead of printing out the LaTeX2HTML'd

> I think some of the proposals have included having two source packages, one
> for upstream source, one for the debian patches and files.

At least Klee mentioned having a single package. (And it's OK
to bring it up in discussion, and I'm not complaining that it
was mentioned, but I want to make it really, really clear that
I think it's a really, really bad idea.)

> I really feel that debian's source package system is broken in a lot of
> ways. I've spent way too much time fighting with it when I needed to modify
> a "binary file"

I acknowledge the problems with the current scheme, and I wish
I had solutions. On the other hand, I wish I had a list of the
problems, so that I could think of a solution. I've started an
informal list, based on this thread. I'll post it and solicit

Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me.
Please don't Cc: me when replying to my message on a mailing list.

Attachment: pgpJZBcGIiW5z.pgp
Description: PGP signature

Reply to: