
Re: git as a source package format?

Many of the comments from different people are very useful (and they are
things that were hinted at in the original email).

One thing not clear is whether people thought I was referring to using
upstream repositories or alioth repositories (only containing commits
from the maintainer) as the content of such source packages.  Bernhard,
could you comment on what you understood my intention was?

On 03/05/13 18:50, Bernhard R. Link wrote:
> * Daniel Pocock <daniel@pocock.com.au> [130501 21:28]:
>> Would there be any hard objection to a source package format based on
>> git-bundle?
> I think a git based source package has quite some problems.
> - failing to properly make changes visible
>   While you can express every history-graph in git, that is not an
>   advantage. Changes relative to upstream sources found in a Debian
>   source package should not only be present by recording history,
>   but as many people as possible should be able to see what is
>   actually changed in the package, and to reuse those changes elsewhere
>   (either as upstream or sidestream).
>   Debian is not like the BSDs[1] that just import some source into their
>   CVS, make modifications at will, sometimes merge a new upstream
>   version and some years later the only way to see what they changed is
>   doing a full diff and hope you can isolate some of the changes.
>   We do not fork but want the changes we need either upstream or also
>   useable by others. Other distributions and users not using Debian are
>   not our enemies, but partners towards a general advance of free software.
>   While you can use git to keep changes in a way to make them reviewable
>   and ready to transmit them elsewhere (git rebase -i is great), if you
>   have that information ready then generating a "3.0 (quilt)" package is
>   trivial, and having changes expressed the same way in different
>   packages makes it easier for everyone to find the information.
>   (At least any other format should come with a way to support being shown
>    at patch-tracker.debian.org).
> [1] They might have changed. It has been a long time since I looked.
> - hiding stuff in obscure formats
>   While a git-bundle is a format that is not that complicated to use
>   once you are used to it, even the average git user will rarely know
>   how to handle it manually. That means people not having the Debian
>   tools available can hardly do anything with them on their own.
>   Additionally needing to have some special VCS installed to look at
>   a specific program can be a huge burden. While git got quite a decent
>   pervasiveness now, not everyone has it and with the next hype it might
>   equally fast be gone again.
>   At least using such a git format should be absolutely forbidden if
>   upstream uses any other free VCS. (I've seen packages in Debian that
>   used one VCS, having upstream some inter-distribution working group
>   that used another VCS that finally was based on some big commercial
>   player that published the free version on yet another VCS. That's
>   annoying.)
>> In other words, dpkg-source would extract all repository history (or all
>> of the branch used to build the package) using the git-bundle command.
>> The bundle file would then be uploaded to the FTP server instead of a
>> traditional source tarball.
>> A slight variation of this idea is that the repository would be cloned
>> into a temporary bare repo, and that bare repo would be tarred up and
>> the tarball would become the source upload.
> - legal problems
>   if you have all the history it is practically unreviewable for
>   undistributable stuff, and if that stuff is old enough, it is usually
>   quite hard to get it out of the history. (There is filter-branch, but
>   one does not take such an approach lightly).
>   This is not a big problem for having those at alioth or other
>   sites (You'll have to ask a lawyer, but I'd guess the ill effects
>   are either limited to Debian losing all their money or only the
>   team/uploader it is in. And likely alioth admins can just remove
>   the git repository there in case something is found or someone sues
>   and thereby reduce any penalties perhaps even till none are left.)
>   But the source packages are found on DVDs and mirrors all over the
>   world. Many people help us distributing Debian. We owe them to do
>   our best to keep them out of legal trouble for doing so.
>   And source is what people need to actually make use of many of
>   the software (especially GPL). People providing stuff based on
>   Debian (be it pre-installed computers, appliances based on Debian,
>   distributions based on Debian, ...) need to have the source ready
>   to do so. If they use Debian binary packages, just keeping the
>   Debian source package is the obvious way. Unless we switch to a
>   source format where those can no longer be legally distributed.
>> Then again, some of that behavior could be achieved by creating an
>> `apt-get vcs-clone' function to read the Vcs control fields and make a
>> clone for a traditional source package's repo.
> sudo apt-get install devscripts
> debcheckout source-package-name
>         Bernhard R. Link
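
Two concerns raised in this thread, handling a git-bundle with plain git and reviewing content that survives only in history, can be shown with a short audit script. This is an added example, not part of the original messages; the function names and the sample files (`README`, `nonfree.bin`) are hypothetical and the bundle is constructed inline.

```shell
#!/bin/sh
# Added example: audit a git bundle using only stock git commands.

# Build a constructed two-commit repository and bundle it; prints the bundle path.
make_sample_bundle() {
    src=$(mktemp -d) || return 1
    g() { git -C "$src/repo" -c user.name=Example \
              -c user.email=example@example.invalid "$@"; }
    {
        git init -q "$src/repo" &&
        g symbolic-ref HEAD refs/heads/main &&
        echo "docs" > "$src/repo/README" &&
        echo "constructed stand-in for an undistributable file" \
            > "$src/repo/nonfree.bin" &&
        g add README nonfree.bin && g commit -q -m "import upstream" &&
        g rm -q nonfree.bin && g commit -q -m "drop nonfree.bin" &&
        g bundle create "$src/sample.bundle" HEAD main
    } >/dev/null 2>&1 || return 1
    echo "$src/sample.bundle"
}

# Print paths that were added somewhere in the bundle's history but are
# absent from the tree of its tip, i.e. content a tree-only review misses.
# $1 must be an absolute path to the bundle file.
history_only_paths() {
    bundle=$1
    work=$(mktemp -d) || return 1
    repo=$work/repo.git
    # A bare clone is enough for review and fails on a damaged bundle.
    git clone -q --bare "$bundle" "$repo" >/dev/null 2>&1 ||
        { rm -rf "$work"; return 1; }
    # verify additionally checks that no prerequisite commits are missing.
    git -C "$repo" bundle verify "$bundle" >/dev/null 2>&1 ||
        { rm -rf "$work"; return 1; }
    tip=$(git -C "$repo" bundle list-heads "$bundle" | head -n 1 | cut -d' ' -f1)
    git -C "$repo" log --all --diff-filter=A --name-only --pretty=format: |
        sed '/^$/d' | sort -u > "$work/ever"
    git -C "$repo" ls-tree -r --name-only "$tip" | sort > "$work/tip"
    comm -23 "$work/ever" "$work/tip"
    rm -rf "$work"
}

# Demo on the constructed bundle.
b=$(make_sample_bundle) && history_only_paths "$b"
```

The file removed in the second commit is still shipped inside the bundle, so anyone mirroring the bundle redistributes it even though it is gone from the checked-out tree.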
