Re: How to include information about a source package ?
On Mon, 01 May 2006, George Danchev wrote:
> On Monday 01 May 2006 22:05, Don Armstrong wrote:
> > On Mon, 01 May 2006, George Danchev wrote:
> > > 1) Since debian/copyright already contains the upstream URL I would
> > > add also the hashes against it in a machine parsable way:
> > >
> > > It was downloaded from ftp://ftp.coolsite.org/dir/file-1.2.tar.gz
> > > md5sum: paranoiccyphers
> > > sha1sum: extraparanoiccyphers
> > That's not useful; far better to look at the original .dsc. Finally,
> > changing it automatically will just end up with it being the same as
> > the orig.tar.gz put in the .dsc...
> We won't have .dsc at that stage at all. The sponsor could checkout
> my debian/ directory from a scm repo we both have access to or I can
> send it to him gpg signed and he can start off the reviewing and
> building process from there. That's all.
In the cases where I'm sponsoring, I expect the sponsee to have built
the packages, have them ready for uploading, and lintian clean. I then
check and rebuild the packages myself, but I'm not going to bother
building them at all if the sponsee hasn't already done that. [I don't
want to spend time checking a package to find out that it FTBFS in a
trivial manner, or doesn't work at all.]
If I'm a co-maintainer, I'll build from a VCS repository, but that's a
different situtation entirely.
> > the copyright file isn't designed to have that information in it
> > in the first place.
> I do not see why it is not. File uri along a digest(s) is the only
> way to strictly declare which upstream tarball we are talking about.
A watch file is far better at doing this. The copyright file is meant
to document the copyrights and licenses present in the upstream
package, not to be used as a programmatic interface to the upstream
For a moment, nothing happened. Then, after a second or so, nothing
continued to happen.
-- Douglas Adams