Re: How to handle Debian patches
On Saturday 17 May 2008, Manoj Srivastava wrote:
> On Sat, 17 May 2008 00:19:59 +0300, George Danchev <firstname.lastname@example.org> said:
> > I personally don't think there is any need for new infrastrutures. We
> > only need to follow some simple rules, i.e. orig.tar.gz should be
> > really the original upstream source; diff.gz (debian/patches/
> > included) is what the debian developer added to it.
> This is exactly what happened in the openssl case (modulo
Not true. openssl packaging didn't and still does not use clearly identified
diff files in debian/patches/.
> Indeed, this is already the recommendation: use
> pristine upstream, unless they have added non-dfsg materials, or
> something, and _all_ debian changes live in the diff.gz.
> Following this simple rule is what we normally do.
A large number of packages do not follow that simple rule, but patching the
orig.tar.gz instead. Then comes even more, even Ben Laurie (as he writes in
his blog) with all his aggression missed to find the debian's pkg-openssl VCS
repo  unless he has been helped by someone at some point. I'm not against
the VCS repo (I myself use some for my packaging), I just claim that you can
expect that random upstream developers and random debian users know about it,
they need instead extremely simple and stable interfaces to access the
changes to their upstream source currently found in Debian archive, and we
already have that for years.
P.S. Don't get me wrong I don't blame the DD.
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB