Re: Debian violates GPL?
Tommi Virtanen <firstname.lastname@example.org> writes:
> Just one more question: will cvs-buildpackage & co use the
> *original* .tar.gz, or will they just do a cvs co && tar czf?
> Quite often having the upstream source replicated bit-by-bit
> is important; md5sums of .tgz are often used to check for
> trojan horses.
cvs-buildpackage untars the tree so it can put it under CVS, so
reconstructing the upstream tarfile does require re-tarring it. This
means that gzip/tar differences could make the resulting tarfiles
slightly different, though the contents should be bit-for-bit
identical. This is a drawback, but not one I can see a good way
Rob Browning <email@example.com> PGP=E80E0D04F521A094 532B97F5D64E3930