Re: Bug#466550: Pristine source from upstream VCS repository
On Sun, Mar 15 2009, Steve Langasek wrote:
> On Sun, Mar 15, 2009 at 06:48:11PM -0500, Manoj Srivastava wrote:
>> On Thu, Mar 12 2009, Russ Allbery wrote:
>> Given that we already have a tool that can download upstream
>> sources, with or without mangling, and can be used by facilities
>> outside of the unpacked Debian source package to determine if there was
>> new versions and to download unmangled versions, is there any need to
>> retain the get-orig-source target at all?
> I have get-orig-source targets that verify the upstream detached gpg
> signatures before repacking the tarballs. Is there a way to do that with
There is no limit on what your user specified script can
do. Given a version number, you can still download the hash and test
it. No sweat.
>> I mean, this seldom implemented target is duplicating an existing and
>> widely used facility in Debian; and removing the target from the policy
>> will advance the laudable goal of stripping the policy of cruft.
> Well, I doubt more people are using uscan mangling than are using
> get-orig-source, really; so I don't think that facility is "widely used".
There are far many more watch files in packages than there are
get-orig-source targets in rules files, so yes, uscan is far more
widely used. As I said elsewhere in this thread, mangling is not widely
enough automated to say anything one way or the other about practices
> But that's not an argument against dropping get-orig-source from policy,
> either, if we think there's something better.
I am still open to discussion of that. I do not have any
packages anymore that are not now served by uscan -- apart from the
cases where the is no upstream tarball at all.
> If get-orig-source is going to be dropped from policy, I think there
> should be some replacement language encouraging the use of uscan with
> support for any necessary mangling.
The one case that is not supported is the equivalent of
repo=$(egrep '^VCS-Git: ' debian/control | perl -pli -e 's/^VCS-Git: +//i')
git clone --depth 10 $repo <pkg>-<ver>
tar -zcf <pkg>_<uver>.orig.tar.gz --exclude .gitmodules --exclude-vcs \
I agree that uscan is not meant to do things like that for
various VCS', and one where getting a specific version from the repo
could be useful, and might need to be setup by the human packaging
I would not be against a recommendation in policy to implement
direct-from-vcs upstream tarballs to be created vbia get-orig-source,
and everyone else just use debian/watch and debian/urepack files.
This will give get-orig-source a purpose, and one that is not
met already by tools we all use anyway.
There's no use in having a dog and doing your own barking.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C