[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Documentation for upstream software authors


Martin Schulze [2004-11-14 20:13 +0100]:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > I've just started http://wiki.debian.net/SoftwarePackaging, intended to 
> > collect thoughts of packagers how upstream developers can make the life of 
> > a packager easier.
> > 
> > I'm sure all packagers have wondered about "brain-dead" upstream developers 
> > who have not put much thought into how their software might be distributed 
> > in a pre-compiled/pre-configured package.  Compile-time options are one 
> > example, user-modifiable files outside of /etc are another, to name the two 
> > that I could think of just now.
> What comes to my mind:
>  - public version control (cvs, arch, svn) by upstream
>  - public development mailing list
>  - public availability of old and new versions at a defined location
>    (for watch files etc.)
>  - clean clean target
>  - don't distribute auto-generated files except for configure/autofoo
>    but add rules to the Makefile to generate them on-demand
>  - add a private mail address of the lead developer to the distributed
>    files (contrary to only a mailing list, this is important for security
>    problems that need to be discussed off the public first)
>  - configurability of path names (so that the pkg can be made FHS compatible
>    easily without loads of patches)
>  - an announce list and a packager list may also be helpful to notify
>    packages of new versions / security problems (private)

- Refrain from including source code from libraries which are
  externally available, or at least make it easy to use the external
  version of a library instead. Half a thousand copies of one and the
  same library scattered throughout Debian is an outright security

Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: