[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to include information about a source package ?

On Sunday 30 April 2006 12:41, Bart Martens wrote:
> On Sun, Apr 30, 2006 at 12:05:19AM -0700, Russ Allbery wrote:
> > Bart Martens <bartm@knars.be> writes:
> > > http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-p
> > >ractices.en.html#s-bpp-origtargz
> > > http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile
> >
> > I think Policy implies something different:
> >
> >     In addition, the copyright file must say where the upstream sources
> >     (if any) were obtained.
> >
> > Explaining how the .orig.tar.gz file was derived is part of explaining
> > where the upstream sources were obtained to me.  I can see how others
> > would read it differently, but that's the way it read to me the first
> > time I read Policy.
> >
> > Policy says nothing about a README.Debian-source so far as I know.
>
> I agree that this interpretation is very reasonable.  With this
> interpretation, the debian-policy and the developers-reference seem to
> contradict on where to describe how the .orig.tar.gz was repackaged.
>
> > One advantage of insisting on a get-orig-source target
>
> Do you insist on a get-orig-source target while sponsoring? It's
> currently optional according to the debian-policy.
> http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules
>
> > as part of the
> > review is that it ensures that the derivation of the .orig.tar.gz file is
> > automated and reproducible, making it easier and quicker to package the
> > *next* upstream release of the software.
>
> The next upstream .tar.gz may be completely different.  Trying the
> get-orig-source target on a new .tar.gz without first having a look
> inside that new .tar.gz before, can make a mess.

Good point !

> Also, repackaging a .orig.tar.gz should be avoided.  It is better to
> encourage the upstream author to make the repackaging unnecessary before
> the next upstream .tar.gz is released.  That is, of course, not always
> possible.

Seems that we talk about cases where repackaging orig.tar.gz is the last 
change for a package to hit the official debian archive ( because of bad 
upstream/license/legal/other issues ;-)

--snip--
> > I find automated processes more reliable than manual processes.  If it's
> > an exceptional case that requires careful review, it's even *more*
> > important to automate where possible so that humans don't miss things by
> > accident
>
> A sponsor should not trust a get-orig-source target written by the
> sponsoree (is that correct english?).  The sponsor should redo the

( should be sponsee I guess ;-)

> repackaging of the .orig.tar.gz step by step to verify whether each step
> is appropriate.

Obviously a sponsor is much more interested to look at the exact programming 
bits (get-orig-source target implementation) than having to read and trying 
to reproduce instructions from a text file written in a natural language 
possibly by a non-english speaker ;-) This could be quite confusing and 
error-prone. Agreed ?

-- 
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
Reply to: