[ Please don't Cc: public replies to me. ] Jim Pick: > That way, the unzip package would have to be installed before you could > use the package. Elegant, eh? And it's already implemented inside > dpkg. I don't think so. The point of keeping an unmodified copy of the upstream sources is to increase security by allowing PGP-signatures and whatnot to work. If you then run random, unknown programs to unpack the package, you're throwing away any security gained, and more. You also make it unnecessarily difficult to unpack source packages on non-Debian systems. The upstream PGP-signatures needs to be solved in another way. > shell statements inside the debian/rules makefile would be able to > retrieve them and unpack them. This is what I'm quite determined to avoid. I do _not_ want to depend on Debian maintainers being infallible and non-malicious, at least not so much that I can't even unpack a Debian source package without endangering my system. If Red Hat does this, they're broken. > I didn't. Please re-read my proposal (more slowly this time). :-) Klee did. I wasn't commenting your proposal in particular. (Anyway, I'd rather start with an explicit list of problems with the current system than an implicit list derived from the suggestions and a flood of messages on the topic.) > Klee favours having a simple .sdeb and no upstream .upsdeb's. I think > we need to debate this some more. Well, my mind's decided. Bandwidth costs, cross-Atlantic especially, and the trivial inconvenience of having three files instead of one is very well worth it in real money. > I think you missed the point -- this system enables a single source > tree. The current system can be a single tree as well (put all source packages in one directory, and do a loop with "dpkg-source -x", and "dpkg-buildpackage -rsudo -uc -us"), but both systems are pretty far from the BSD source tree, I think. But that's beside my point -- there's so much other work to do at the moment that I don't think big changes the source packaging format at this point will improve things. > Actually, I think the scheme I proposed is actually very incremental, It would change all source package file formats, and all tools relevant to source packaging, and would require our developers to learn to deal with a third source packaging format. A bit too much of an increment for me. :-) -- Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me. Please don't Cc: me when replying to my message on a mailing list.
Description: PGP signature