[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian packages: single diff vs multiple patches (as in rpm)

On Tue, Dec 30, 2003 at 11:06:35AM -0500, Jay Berkenbilt wrote:

> Now I'm strongly considering making the switch to Debian and am
> evaluating moving my whole installation system over to dpkg.  dpkg
> seems superior to rpm in almost all respects (richer dependencies,
> better documentation, more robustness, apt, etc.), but there's one
> thing that bothers me.  When building an rpm, multiple source files
> and multiple patch files can be specified, and arbitrary commands can
> be used to extract sources and apply patches.  This makes it easy to
> build an rpm of a standard package with a handful of separately
> maintained patches applied.

While multiple patches are certainly advantageous (and are, I believe,
intended to be supported in the next version of the Debian source package
format), I don't like the idea of arbitrary commands to extract sources and
apply patches.  I very much prefer being able to unpack and examine the
source of a package without trusting the person who created it.

There are various systems used in Debian which pack multiple patches into
the Debian .diff (see dpatch, cdbs, etc.).

> As far as I can tell, a Debian package consists of a single source
> tarball and a single diff.  Is this right, or have I missed something?
> Coming from an rpm perspective, it seems to me that this would make it
> much more difficult to manage locally modified versions of packages.

I prefer to use CVS (see the cvs-buildpackage package) to maintain local
branches of Debian packages.  Since CVS doesn't separate patches either,
there isn't much lost there.

> Lastly, please feel free to correct my terminology if I'm using it
> incorrectly.  For example, is it correct to say dpkg-based rather than
> deb-based?

dpkg is a program which operates on Debian packages.  "deb" is a common
shorthand for the Debian binary package format.

 - mdz

Reply to: