Re: This topic died off; any resolution?
On Wed, Mar 25 2009, Russ Allbery wrote:
> That still leaves open the question of what get-orig-source should do with
> a package that can't use uscan (unversioned upstream files, multiple
> upstream tarballs, upstream that uses only a VCS, etc.). Currently,
> Policy says that it should download and create a tarball of the most
> current upstream sources. I think that makes sense, but it's harder than
> doing the most recent blessed sources and might break a lot. It also
> leaves one without an easy way of duplicating exactly the tarball that was
> uploaded with the Debian package.
Well, getting the tarball uploaded with the debian package is
generally easy: you ask debian archives for it. Getting the latest
upstream tarball, espescially if it needs modification, in cases where
a simple uscan command won't cut the mustard, has no easy solution for
Now, an end user wanting to get a tarball that shipped with
debian, and one who does not trust the debian arvhive, but trusts their
copy of the debian source package, and thus the debian maintainer ---
err, this is a vanishlingly small audience. I mean, you trust the
debian source package, and the maintainer, to have prvded you a recipe
to reproduce the tarball that has been uploaded to the debian archives,
and yet you do not trust the debian archive ... weird.
I think there would be more people who just want to update their
debian package with the latest upstream sources, and want to know how
to do whatever the debian maintainr does to convert stuff from upstream
to the debian orig.tar.gz file -- and there is no easy workaround like
apt-get source for this use case.
A special rule in debian/rules to duplicate apt-get source for
people who are skeptical of thea rchive (and have an ill defined
attack vector thay are being paranoid about) -- or to provide
functionality that apt-get source is not a duplicate for?
For me, this is a no brainere. Ohter people's mileage has
If at first you don't succeed, redefine success.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C