Re: automatically maintaining/tracking repackaged upstream tarballs
On 23/04/14 01:09, Paul Wise wrote:
> On Wed, Apr 23, 2014 at 4:40 AM, Daniel Pocock wrote:
>
>> Given all the recent issues with popular packages containing minified
>> JavaScript and other sourceless files, I'm hoping to get feedback from
>> people about how the solution can be generalized to help as many
>> developers as possible.
> You may have missed the fact that uscan now supports removing files
> specified by the Files-Excluded field in debian/copyright when it
> repacks archives.
>
>> In the Java world, some of these things stick out like a sore thumb
>> (e.g. copies of junit or other *.jar files in upstream tarball) - it is
>> not hard to extrapolate this to match other patterns though.
> If they are automatically detectable, please submit bugs or patches to
> lintian about support for detecting them.
>
Some of this is in "wishlist" territory though:
- could/should uscan be run centrally, e.g. creating a pool of +dfsg
tarballs on alioth?
- uscan is only for existing packages - should it be generalized to also
read directly from watch files that are not in a source package?
Reply to: