[ Please don't Cc: public replies to me. ] Joey Hess: > Not really. You could handle it just like redhat does in the srpm files: you > have a shell script that is responsible for unpacking the package into a > specific directory and applying all patches to it. That would make it potentially dangerous to unpack a Debian source package. Not a good idea, I think. > wouldn't it be enough to allow people to view the unpack script before > they use it to unpack the package? They might not understand enough about shell scripts (or Perl, or whatever the script is written in) and whatever tools the script uses to make an informed decision of whether the script is safe. With the current scheme, they only have to trust gzip, tar, patch, and chmod, if they unpack it manually. Also, with the current scheme it is _simple_ to unpack it manually, and the method is always the same. You might want to unpack a source package for other reasons than to build it -- e.g., I've sometimes searched for documentation. A non-programmer might want to do this so that they can typeset the documentation in LaTeX, instead of printing out the LaTeX2HTML'd version. > I think some of the proposals have included having two source packages, one > for upstream source, one for the debian patches and files. At least Klee mentioned having a single package. (And it's OK to bring it up in discussion, and I'm not complaining that it was mentioned, but I want to make it really, really clear that I think it's a really, really bad idea.) > I really feel that debian's source package system is broken in a lot of > ways. I've spent way too much time fighting with it when I needed to modify > a "binary file" I acknowledge the problems with the current scheme, and I wish I had solutions. On the other hand, I wish I had a list of the problems, so that I could think of a solution. I've started an informal list, based on this thread. I'll post it and solicit comments. -- Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me. Please don't Cc: me when replying to my message on a mailing list.
Description: PGP signature