
Re: How to cope with patches sanely



On Thu, 2008-01-31 at 23:17 +0900, Charles Plessy wrote:
> I do not know if it would be reasonable to extend the scope of the
> discussion to third-party packages.

Third-party packages such as... sponsored uploads?

The process you propose for verifying that a source package can be
safely unpacked is complicated and error-prone and wrong[1], so I don't
think we should consider it as a solution.

That sounds harsh, and I apologize for that, but I cannot see a way to
express it more politely without leaving room for negotiation for
refinements. I cannot see a reason to change the Debian source package
format and its unpacking procedure such that it becomes less safe to do
than it is now.

I'd rather continue the current madness of having a dozen different ways
of getting the source patched and ready for changing. Safety and
security before convenience.

[1] It's not enough to examine the .diff.gz before unpacking to see what
unpacking will do. The troublesome files may be in the .orig.tar.gz as
well. So essentially one would need to do a full code review before
unpacking.


