At least the following have been pointed out as problems with the current (source) packaging scheme. I'm not commenting on what the proper solution to each problem is, and I wish no-one else would, either, just so that we could, for once, avoid the Debian-typical design-by-mail-flood. :) I _do_ ask everyone to add things to the list (via private mail to me -- I'll summarize -- or on this list). Or point out non-problems, of course. * .orig.tar.gz gets separated from .dsc and .diff.gz, and may get lost * upstream sources not preserved bit-for-bit; need to be repackage, which can destroy upstream digital signatures, and makes it more difficult to check that .orig.tar.gz and upstream sources are the same * no automated way to check .orig.tar.gz files against upstream distribution (located on well known web sites), or upstream digital signature, if any * Debian packages are not PGP-signed by the Debian maintainer, except via the .dsc file. * no way to automatically retrieve the upstream source package, or its updates * no dependencies for source packages * binary files are handled badly * upstream sources sometimes come in many different files * building a binary package requires running as root -- Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me. Please don't Cc: me when replying to my message on a mailing list.
Attachment:
pgpLjbkxGxUvM.pgp
Description: PGP signature