Re: git as a source package format?
* Daniel Pocock <firstname.lastname@example.org> [130501 21:28]:
> Would there be any hard objection to a source package format based on
I think a git based source package has quite some problems.
- failing to properly make changes visible
While you can express every history-graph in git, that is not an
advantage. Changes relative to upstream sources found in a Debian
source package should not only be present by recording history,
but as many people as possible should be able to see what is
actually changed in the package, and to reuse those changes elsewhere
(either as upstream or sidestream).
Debian is not like the BSDs that just import some source into their
CVS, make modifications at will, sometimes merge a new upstream
version and some years later the only way to see what they changes is
doing a full diff and hope you can isolate some of the changes.
We do not fork but want the changes we need either upstream or also
useable by other. Other distributions and users not using Debian are
not our enemies, but partners towards a general advance of free software.
While you can use git to keep changes in a way to make them reviewable
and ready to transmit them elsewhere (git rebase -i is great), if you
have that information ready then generating a "3.0 (quilt)" package is
trivial, and having changes expressed the same way in different
packages makes it easier for everyone to find the information.
(At least any other format should come with a way to support being show
 They might have changed. It has been a long time since I looked.
- hiding stuff in obscure formats
While a git-bundle is a format that is not that complicated to use
once you are used to it, even the average git user will rarely know
how to handle it manually. That means people not having the Debian
tools available can hardly do anything with them on their own.
Additionally needing to have some special VCS installed to look at
a specific program can be a huge burden. While git got quite a decent
pervasiveness now, not everyone has it and with the next hype it might
equally fast being gone again.
At least using such a git format should be absolutely forbidden if
upstream uses any other free VCS. (I've seen packages in Debian that
used one VCS, having upstream some inter-distribution working group
that used anyother VCS that finaly was based on some big comercial
player that published the free version on yet another VCS. That's
> In other words, dpkg-source would extract all repository history (or all
> of the branch used to build the package) using the git-bundle command.
> The bundle file would then be uploaded to the FTP server instead of a
> traditional source tarball.
> A slight variation of this idea is that the repository would be cloned
> into a temporary bare repo, and that bare repo would be tarred up and
> the tarball would become the source upload.
- legal problems
if you have all the history it is practically unreviewable for
undistributeable stuff, and if that stuff is old enough, it is usually
quite hard to get it out of the history. (There is filter-branch, but
one does not take such an approach lightly).
This is not a big problem for having those at alioth or other
sides (You'll have to ask a lawyer, but I'd guess the ill effects
are either limited to Debian losing all their money or only the
team/uploader it is in. And likely alioth admins can just remove
the git repository there in case something is found or someone sues
and thereby reduce any penalties perhaps even till none are left.
But the source packages are found on DVDs and mirrors all over the
world. Many people help us distributing Debian. We owe them to do
out best to keep them out of legal trouble for doing so.
And source is what people need to actually make use of many of
the software (especially GPL). People providing stuff based on
Debian (be it pre-installed computers, appliances based on Debian,
distributions based on Debian, ...) need to have the source ready
to do so. If they use Debian binary packages, just keeping the
Debian source package is the obvious way. Unless we switch to a
source format where those can no longer be legally distributed.
> Then again, some of that behavior could be achieved by creating an
> `apt-get vcs-clone' function to read the Vcs control fields and make a
> clone for a traditional source package's repo.
sudo apt-get install devscripts
Bernhard R. Link