[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Problems with the current source packaging scheme

At least the following have been pointed out as problems with
the current (source) packaging scheme. I'm not commenting
on what the proper solution to each problem is, and I wish
no-one else would, either, just so that we could, for once,
avoid the Debian-typical design-by-mail-flood. :)

I _do_ ask everyone to add things to the list (via private mail
to me -- I'll summarize -- or on this list). Or point out non-problems,
of course.

* .orig.tar.gz gets separated from .dsc and .diff.gz, and may get lost

* upstream sources not preserved bit-for-bit; need to be repackage, which
  can destroy upstream digital signatures, and makes it more difficult to
  check that .orig.tar.gz and upstream sources are the same

* no automated way to check .orig.tar.gz files against upstream distribution
  (located on well known web sites), or upstream digital signature, if any

* Debian packages are not PGP-signed by the Debian maintainer, except via the
  .dsc file.

* no way to automatically retrieve the upstream source package, or its

* no dependencies for source packages

* binary files are handled badly

* upstream sources sometimes come in many different files

* building a binary package requires running as root

Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me.
Please don't Cc: me when replying to my message on a mailing list.

Attachment: pgpLwxLH9VhEl.pgp
Description: PGP signature

Reply to: