Re: debian packages: single diff vs multiple patches (as in rpm)
On Tue, Dec 30, 2003 at 11:06:35AM -0500, Jay Berkenbilt wrote:
> Now I'm strongly considering making the switch to Debian and am
> evaluating moving my whole installation system over to dpkg. dpkg
> seems superior to rpm in almost all respects (richer dependencies,
> better documentation, more robustness, apt, etc.), but there's one
> thing that bothers me. When building an rpm, multiple source files
> and multiple patch files can be specified, and arbitrary commands can
> be used to extract sources and apply patches. This makes it easy to
> build an rpm of a standard package with a handful of separately
> maintained patches applied.
While multiple patches are certainly advantageous (and are, I believe,
intended to be supported in the next version of the Debian source package
format), I don't like the idea of arbitrary commands to extract sources and
apply patches. I very much prefer being able to unpack and examine the
source of a package without trusting the person who created it.
There are various systems used in Debian which pack multiple patches into
the Debian .diff (see dpatch, cdbs, etc.).
> As far as I can tell, a Debian package consists of a single source
> tarball and a single diff. Is this right, or have I missed something?
> Coming from an rpm perspective, it seems to me that this would make it
> much more difficult to manage locally modified versions of packages.
I prefer to use CVS (see the cvs-buildpackage package) to maintain local
branches of Debian packages. Since CVS doesn't separate patches either,
there isn't much lost there.
> Lastly, please feel free to correct my terminology if I'm using it
> incorrectly. For example, is it correct to say dpkg-based rather than
dpkg is a program which operates on Debian packages. "deb" is a common
shorthand for the Debian binary package format.