Re: quilt 3.0 source format and dpkg-source/dpkg-buildpackage
Charles Plessy <firstname.lastname@example.org> writes:
> In my opinion, much of the current disagreements come from two false needs:
> * Apply patches so that dpkg-source -x gives buildable source.
That was the need that had as much or more project consensus as anything
else on my list, and as I recall was the impetus for doing the whole
next-generation source format work in the first place.
> I remember the discussion that took place during DEP1 preparation. It
> already had the outcome that the main patch systems converged on a
> common interface:
> - Store the patches in debian/patches;
> - Apply them with ‘debian/rules patch’;
> - Document specificities in debian/README.source.
If I'm not mistaken, that convergence and standardization actually
happened *after* the 3.0 work was mostly finished. Certainly after the
> There were some concerns that applying patches through debian/rules
> could be a security hole. In my opinion – that I already expressed in
> the DEP1 discussion – given that 1) dpkg-source will not extract
> packages that are not GPG-trusted,
Eh? I'm fairly sure it does for me, although it prints a warning.
> Personnaly, I am completely unconvinced of the necessity of applying
> patches at unpack time, nor of standardising on one particular patch
> implementation instead of using a clear patch interface as the one above
> (parts of which being already in the Debian Policy). If I am not the
> only one having this concern, maybe we could ask the technical comittee
> to give us its conclusions on this matter. I am ready to follow it.
I personally don't have a strong opinion, but there were a lot of people
who felt this was important during the initial discussions.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>