[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: This topic died off; any resolution?

On Wed, Mar 25 2009, Russ Allbery wrote:

> That still leaves open the question of what get-orig-source should do with
> a package that can't use uscan (unversioned upstream files, multiple
> upstream tarballs, upstream that uses only a VCS, etc.).  Currently,
> Policy says that it should download and create a tarball of the most
> current upstream sources.  I think that makes sense, but it's harder than
> doing the most recent blessed sources and might break a lot.  It also
> leaves one without an easy way of duplicating exactly the tarball that was
> uploaded with the Debian package.

        Well, getting the tarball uploaded with the debian package is
 generally easy: you ask debian archives for it. Getting the latest
 upstream tarball, espescially if it needs modification, in cases where
 a simple uscan command won't cut the mustard, has no easy solution for
 an enduser.

        Now, an end user wanting to get a tarball that shipped with
 debian, and one who does not trust the debian arvhive, but trusts their
 copy of the debian source package, and thus the debian maintainer ---
 err, this is a vanishlingly small audience. I mean, you trust the
 debian source package, and the maintainer, to have prvded you a recipe
 to reproduce the tarball that has been uploaded to the debian archives,
 and yet you do not trust the debian archive ... weird.

        I think there would be more people who just want to update their
 debian package with the latest upstream sources, and want to know how
 to do whatever the debian maintainr does to convert stuff from upstream
 to the debian orig.tar.gz file -- and there is no easy workaround like
 apt-get source for this use case.

        A special rule in debian/rules to duplicate apt-get source for
 people who are skeptical of thea rchive (and have an ill defined
 attack vector thay are being paranoid about) -- or to provide
 functionality that apt-get source is not a duplicate for?

        For me, this is a no brainere. Ohter people's mileage has
 evidently varied.

If at first you don't succeed, redefine success.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: