[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: native packages



Hi,

of course you are right. You (and others) probably got me wrong. The
.diff.gz system is great, availability of original tar balls also. For
the very most packages, this system is fit and ok. What I say is that,
for whatever reasons (for example upstream sources being in some very
strange format) has to create a .tar.gz file from scratch anyway, and
wants to do so, he should be able to create a non-native package without
a .diff.gz.

As _rene_ pointed out, even for him it would make sense to use diff.gz
if he releases debian packages more often than upstream versions come
in. But still - leave it to the maintainer.

I hope I made my point more clear :-)

nomeata


Am Di, den 13.04.2004 schrieb Henning Makholm um 0:05:
> Scripsit Joachim Breitner <nomeata@debian.org>
> 
> > probably just a corner case, but for packages that happen to have no
> > useful .tar.gz.orig (either because it is distributed as
> > .zip.foo.rar.uuenc.gpg or because a lot of stuff has to be removed for
> > legal reasons), it should be ok for the maintainer to just make one
> > .tar.gz file, and not to "invent" a diff.
> 
> I respectfully disagree. It is common courtesy to be open about what
> is the source file distributed by upstream and what is Debian's
> additions and modification. It makes life easier for anyone who cares
> about the difference and does not make life siginificantly harder for
> anyone.
> 
> Who cares about the difference, then? Well,
> 
> 1. The upstream author cares, if he is curious about how we're
>    treating his brainchild.
> 
> 2. The next maintainer (or NMUer) will care, as he tries to make sense
>    of the packaging.
> 
> 3. A technically savvy user cares, if he is trying to figure out why
>    the Debian package behaves differently from a package of the
>    software on another host - or if he is trying to decide whether to
>    report a bug (with a patch?) to the Debian BTS or directly
>    upstream.
> 
> 4. A paranoid user will care, if he has spent a lot of effort auditing
>    the upstream source code for his own FooOS build and now wants to
>    verify that the Debian package is trustworthy.
> 
> 5. Non-Debian users care that Debian offers a well-organised archive
>    of upstream sources of free software, which can often be compiled
>    on other platforms. This is kind of peripheral to the value we add,
>    but it is immensely useful at times (say, when I needed to compile
>    VCG on a RedHat machine, the upstream ftp site was dead, and the
>    Debian archive was the only place where source could be found). But
>    it only works well if one can get *original* source without added
>    debianisms that cannot easily be found or rolled back.
> 
> On the other hand, I don't see any material advantage in not
> distinguishing between the original and Debian additions.
> 
> -- 
> Henning Makholm                        "Nej, hvor er vi altså heldige! Længe
>                                       leve vor Buxgører Sansibar Bastelvel!"
-- 
Joachim "nomeata" Breitner
Debian Developer
  nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: joachimbreitner@amessage.de | http://people.debian.org/~nomeata

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


Reply to: