Re: Use bz2 not gz for orig.tar ?
* Drew Parsons <email@example.com> [070412 19:55]:
> But the question could be made more general. Why do we explicitly
> enforce gz compression at the moment, why couldn't we support *any*
> compression scheme that upstream developer or Debian maintainer might
> care to use?
Because it is a packaging format, and a package format should be well
defined. Having more than a specific set of compressions causes problems
for all kind of use cases (build systems that might want to unpack the
package outside of the build environment and thus in an older one,
people looking inside some or all packages, ...) and makes security
harder (having compressions supported that are used by everyone gives
hopes they are roughly checked for vulnerabilities, having everything
that anyone might want to use in it means to have some vulnerability in
there for sure.
Bernhard R. Link