[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packaging: handling "private" libraries

On Sun, 11 Nov 2007, David Paleino wrote:

Could you please upload your stuff to mentors.debian.net?

Upstream is 37Mb, won't upload it ;)

Our policy for Debian-Med repository is to not upload upstream tarballs -
especially n ot those huge ones ...

I've added a "get-orig-source" target to debian/rules to get it.


Be careful that bioimagesuite_latest* would need bioimagesuite_extra* (to be
downloaded from the same website): this latter package merely contains the lib*
packages bioimagesuite already depends on (vtk-tcl, ...)

Moreover, you just get the original tarball. Renaming
to package_version.orig.tar.gz is still a manual thing (the upstream tarball
doesn't contain the version).

Just downloaded the tarball.  The upstream policy has several drawbacks:

  0. It's just useless to password-protect GPLed software download.
     Please make sure that you give upstream a hint that an upload to
     the Debian-mirror will "undermine" their policy.  I think we are
     perfectly allowed to distribute it given it is GPLed, but I'd
     consider it to be polite to the authors to tell them about the
     consequence of a distribution by Debian.

  1. Watch file will not work.  Just also tell this to upstream that
     we could not really make sure to provide their latest version if
     they do not change their way of distributing the source.

  2. Without proper versioning we have a second reason that we can
     not provide a reasonable watch file.  In addition it is just no
     good style to leave out the version number - also for other users.

Did you told this to upstream?  Feel free to foreward this mail if you
feel it is reasonable.

Back to creating the orig.tar.gz: I added a get-orig-source script that
parses debian/changelog for the verison number and rebuilds upstream package
with apropriate version numbering.

Kind regards



Reply to: