On Thu, 05 Oct 2017 12:39:42 -0500, Gunnar Wolf wrote: > Ian Jackson dijo [Thu, Oct 05, 2017 at 01:29:16PM +0100]: > > I have also heard of packages which do "apt-get source" in their rules > > files. [..] > > Of course it would be better if we had a more declarative way of > > saying "this package needs foo.deb to build - and we mean the .deb, > > not for foo to be installed", and the corresponding "this package > > needs the source code for bar". But this is rather a niche, and it > > doesn't seem to cause trouble in practice. So AFAICT it's no-one > > priority. > > UGH. > > I am not convinced this use case should be supported - Even if the > software providers are ourselves, which we trust not to trojan our own > goodies, this still allows for a great deal of nondeterminism. If the > "apt-get source"d package is updated, the build might not work anymore > or might yield different results. True but this is the same as when a package in Build-Depends(-Indep) changes. In practice I've had the case where an unpacked .deb (instead of an installed one) would have been enough, and I also have a use case for a source package: libdatetime-timezone-perl could be binNMUd [0] against newer versions of the tzdata source package instead of someone manually doing the dance of downloading the tzdata upstream tarballing, turning it into .pm files and creating a huge quilt patch. Cheers, gregor [0] if we had binNMUs for arch:all packages -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Willi Resetarits + Stubnblues: de w
Attachment:
signature.asc
Description: Digital Signature