
Re: How to cope with patches sanely



On Fri, Feb 01, 2008 at 11:42:49AM +0200, Lars Wirzenius wrote:
> 
> At the moment, I can unpack a source package and then review it before I
> run anything. You propose to make things more complicated by having to
> review things before unpacking. I find that to be an unwanted,
> unnecessary, and _dangerous_ complication.
 
> We can create ways in which
> patches are applied by dpkg-source directly, for example, instead of
> having to run code from the package. That's the point of my
> participation in this sub-thread: to stop the _wrong_ way of
> implementing this.

Hi Lars, hi all,

Of course, the idea of having dpkg-source apply the relevant patches
through its own routines is better than having it call 'debian/rules
patch', for the security reasons you explained before.

I have reviewed bug #250202, which was nicely summarised by Russ Allbery
in early January, and tried to update the summary of our discussion on
the wiki and to integrate ideas from bug #250202.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=250202#335
http://wiki.debian.org/debian/patches

As said before, the direction that is currently taken at the Policy
level would be to require documenting how to "make the source ready for
editing" in a file called README.source. It would be recommended to
implement a 'patched' target that would take care of this.

The security issue you raised has also been noted in #250202, therefore
it is not proposed to automate the calling of this rule (in addition, it
would require knowing the build-dependencies before unpacking, which is
not convenient).

So I guess that if you like your idea of implementing patching natively
in dpkg-source, it is recommended to contribute it to the discussion of
bug #250202.


There is another possibility that has been suggested, which is to build
the source package with the patched sources. An immediate side-effect of
this is that it overloads the .diff.gz, but such kind of overloading has
apparently been tolerated in other cases, in particular for packages
using autoconf/automake, so why not?


Lastly, I would like to ask a question about Wig&Pen: as it would be
illegal to provide both a .diff.gz and a .debian.tar.gz file at the same
time (http://www.dpkg.org/dpkg/NewSourceFormat), it seems that it
matches well the debian/patches workflow, except that the trick of
patching the sources at clean time would not work anymore. But the
biggest problem may be that unless I missed something, there was no
clear answer when it was asked if somebody was working on Wig&Pen.

Is there somebody working on Wig&Pen? Is the format consensual enough
that it would be accepted in Debian?

Have a nice day,

-- 
Charles Plessy
http://charles.plessy.org
Wakō, Saitama, Japan

