Re: About a mass bug report not based on Sid or Jessie.

To: debian-devel@lists.debian.org
Subject: Re: About a mass bug report not based on Sid or Jessie.
From: Russ Allbery <rra@debian.org>
Date: Tue, 22 Apr 2014 11:36:52 -0700
Message-id: <[🔎] 87ha5lus6z.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20140422174541.GA8308@cantor.unex.es> (Santiago Vila's message of "Tue, 22 Apr 2014 19:45:41 +0200")
References: <[🔎] 20140413224425.GA2889@falafel.plessy.net> <[🔎] 534BFAE0.2040207@debian.org> <[🔎] 20140414231509.GA28056@falafel.plessy.net> <[🔎] 87y4z778yr.fsf@windlord.stanford.edu> <[🔎] 87a9bjwuj0.fsf@mid.deneb.enyo.de> <[🔎] 87a9bjzm23.fsf@windlord.stanford.edu> <[🔎] 87vbu4dowd.fsf@mid.deneb.enyo.de> <[🔎] 87bnvv7qrc.fsf@windlord.stanford.edu> <[🔎] 87vbu33qem.fsf@mid.deneb.enyo.de> <[🔎] 87eh0qlbdx.fsf@windlord.stanford.edu> <[🔎] 20140422174541.GA8308@cantor.unex.es>

Santiago Vila <sanvila@unex.es> writes:
> On Mon, Apr 21, 2014 at 12:40:10PM -0700, Russ Allbery wrote:

>> There's no substitute for rebuilding from source.  :)  I used to be a
>> bit skeptical of that push for Autoconf and friends, but the more I've
>> worked with it, the more I've come around to the position that we
>> should treat the configure script the same way that we would treat *.o
>> files in the upstream source.

> If we go that route, that would mean removing configure and friends
> from .orig.tar.gz.

> Otherwise, we would be telling our users that the tarball is the source
> when that would not be completely true.

I don't see the logic behind this statement.  The tarball is the source,
plus some additional files that we ignore.  That's not inconsistent with
saying that the tarball is the source.

If there were (DFSG-free, of course) *.o files in the upstream
distribution, well, first I would question whether upstream knew what they
were doing.  But if they had some reason for that for the sake of
portability to other consumers of the tarball, like they do for the
configure script, I would shrug and ignore them and rebuild them in
Debian.  I wouldn't bother to repack the upstream source to remove them;
why should I?  They're harmless, as long as they're not used in the build.

I understand people who want to go to the effort of removing configure and
friends from the upstream tarball, but I disagree with them.  I think the
advantages of basing Debian packaging on the artifact signed and tagged by
upstream outweigh the disadvantages of ignoring some files in that
distribution and regenerating them during the build.

> I would rather autoreconf at dpkg-buildpackage time in such a way that
> you get an updated Debian source every time you make a new Debian
> release for such package (something like
> debian/patches/auroreconf.diff).

The one thing that we absolutely should *not* do is ship the results of
autoreconf as a diff.  That diff is (a) completely unreadable, (b) huge,
and (c) unstable across versions, which makes life incredibly painful for
people like the security team and the release team.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Santiago Vila <sanvila@unex.es>

References:
- About a mass bug report not based on Sid or Jessie.
  - From: Charles Plessy <plessy@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Matthias Klose <doko@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Charles Plessy <plessy@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Russ Allbery <rra@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Russ Allbery <rra@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Russ Allbery <rra@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Russ Allbery <rra@debian.org>
- Re: About a mass bug report not based on Sid or Jessie.
  - From: Santiago Vila <sanvila@unex.es>

Prev by Date: Re: About a mass bug report not based on Sid or Jessie.
Next by Date: Re: Proposing amd64-hardened architecture for Debian
Previous by thread: Re: About a mass bug report not based on Sid or Jessie.
Next by thread: Re: About a mass bug report not based on Sid or Jessie.
Index(es):
- Date
- Thread