Re: How to include information about a source package ?

To: debian-mentors@lists.debian.org
Subject: Re: How to include information about a source package ?
From: Bart Martens <bartm@knars.be>
Date: Sun, 30 Apr 2006 08:21:48 +0200
Message-id: <20060430062148.GA8182@localhost>
In-reply-to: <87d5f0drzy.fsf@windlord.stanford.edu>
References: <20060428212050.GA4797@gevaerts.be> <200604292141.09328.danchev@spnet.net> <87u08cdwx0.fsf@windlord.stanford.edu> <200604292217.45480.danchev@spnet.net> <87d5f0drzy.fsf@windlord.stanford.edu>

On Sat, Apr 29, 2006 at 01:52:17PM -0700, Russ Allbery wrote:
> If I were sponsoring a -1 release of a package in which the maintainer
> repackaged the upstream source, which is what I was originally
> addressing, I would read the implementation of that target, read the
> information in debian/copyright about why they repackaged the source,

A description of why and how the source was repackaged, should go in
"README.Debian-source or a similar file".  Copyright and distribution
license(s) information should go in debian/copyright.  I don't think
that other information belongs in debian/copyright.
http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-practices.en.html#s-bpp-origtargz
http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile

> run the target, and
> compare the results of the target with the .orig.tar.gz that they were
> using.  That would replace the normal sponsoring check of downloading the
> upstream tarball and checking with cmp that it is identical to the
> .orig.tar.gz.

The sponsor should compare the upstream .tar.gz and the .orig.tar.gz
with md5sum.  If the MD5 checksum differs, then the sponsor should
unpack both files and compare with "diff -ruN" or something like that.
Each difference should be documented in "README.Debian-source or a
similar file".  The get-orig-source may be convenient to do less typing
and to quickly understand how the .orig.tar.gz was created, but
basically, the sponsor should still verify in detail whether each
difference is appropriate.

> In all cases, I don't see much purpose in having a separate
> README.Debian-source document.

Well, it was a choice made in the past.  In my opinion it was a good
choice.  But feel free to discuss this again, and have the Debian
Reference changed about this.

> Maybe if the repackaging were so complex
> so as to not be representable in a debian/rules get-orig-source target.

Repackaging upstream sources should be exceptional.  Also, verifying a
repackaged .orig.tar.gz needs full attention anyway, so doing the
repackaging manually to verify is good anyway.

I guess that such get-orig-source target is still interesting because it
encourages to describe very precise how the .orig.tar.gz was created.
Its existence could be mentioned in "README.Debian-source or a similar
file".

Reply to:

Follow-Ups:
- Re: How to include information about a source package ?
  - From: Russ Allbery <rra@debian.org>

References:
- How to include information about a source package ?
  - From: Frank Gevaerts <frank@gevaerts.be>
- Re: How to include information about a source package ?
  - From: George Danchev <danchev@spnet.net>
- Re: How to include information about a source package ?
  - From: Russ Allbery <rra@debian.org>
- Re: How to include information about a source package ?
  - From: George Danchev <danchev@spnet.net>
- Re: How to include information about a source package ?
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: How to include information about a source package ?
Next by Date: Re: How to include information about a source package ?
Previous by thread: Re: How to include information about a source package ?
Next by thread: Re: How to include information about a source package ?
Index(es):
- Date
- Thread