[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian violates GPL?

Tommi Virtanen <tv@debian.org> writes:

> 	Just one more question: will cvs-buildpackage & co use the
> 	*original* .tar.gz, or will they just do a cvs co && tar czf?
> 	Quite often having the upstream source replicated bit-by-bit
> 	is important; md5sums of .tgz are often used to check for
> 	trojan horses.

cvs-buildpackage untars the tree so it can put it under CVS, so
reconstructing the upstream tarfile does require re-tarring it.  This
means that gzip/tar differences could make the resulting tarfiles
slightly different, though the contents should be bit-for-bit
identical.  This is a drawback, but not one I can see a good way

Rob Browning <rlb@cs.utexas.edu> PGP=E80E0D04F521A094 532B97F5D64E3930

Reply to: