Re: How to include information about a source package ?

To: debian-mentors@lists.debian.org
Subject: Re: How to include information about a source package ?
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Sun, 30 Apr 2006 21:11:26 +0000
Message-id: <20060430211124.GE6904@yuggoth.org>
In-reply-to: <200604302207.00285.danchev@spnet.net>
References: <20060428212050.GA4797@gevaerts.be> <20060430094158.GA11650@localhost> <87vesqzz8q.fsf@windlord.stanford.edu> <200604302207.00285.danchev@spnet.net>

On Sun, Apr 30, 2006 at 10:06:59PM +0300, George Danchev wrote:
> Nobody says that get-orig-source must be only used for repackaging
> purposes. I think it is fine to have such target just getting the
> upstream source (ok a hash checking against a previously checked
> and trusted version is required) without further modifications
> over it which is to be built on the autobuilder or end user side.
> Any worries with that ?

This sounds, to me, to be bordering on redundancy with the purpose
of including a debian/watch file, as both would likely be pointing
to similar sources (one for new versions, one for the current
version with a MD5 hash as a sanity check). To take it even further,
I'd be interested in a marriage between the upstream source location
in debian/copyright and a target in debian/rules that would allow
you to:

 a) eliminate the need to put the upstream URI in multiple files
 b) subsume or at least auto-generate a debian/watch, as desired

Maybe have a machine-parsable URI in debian/copyright (since policy
requires the upstream source origin to be indicated therein anyway),
and then make a debian/rules target that creates a debian/checksum
containing a MD5/SHA1 digest of the original upstream source and a
usable debian/watch (for backward compatability with uscan, since
you could at this point easily replace its functionality with
another make target anyway). Then the get-orig-source target could
determine the upstream version from debian/control, retrieve the
proper source tarball from upstream via the URI in debian/copyright
and verify it against the debian/checksum contents, followed by (in
cases where needed) performing removal/adjustment and repacking of
the contents to create the maintainer's mangled substitute.

I know this smacks of being a solution in search of a problem, but
would the above automation scenario be considered a voilation of
packaging policy/guidelines, obfuscated or unnecessarily cumbersome?
I'm tempted to play around with the ideas above and throw together a
mockup (just for fun).
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }

Reply to:

Follow-Ups:
- Re: How to include information about a source package ?
  - From: George Danchev <danchev@spnet.net>

References:
- How to include information about a source package ?
  - From: Frank Gevaerts <frank@gevaerts.be>
- Re: How to include information about a source package ?
  - From: Bart Martens <bartm@knars.be>
- Re: How to include information about a source package ?
  - From: Russ Allbery <rra@debian.org>
- Re: How to include information about a source package ?
  - From: George Danchev <danchev@spnet.net>

Prev by Date: Re: RFS: xlife - X11R7 changes
Next by Date: Re: How to include information about a source package ?
Previous by thread: Re: How to include information about a source package ?
Next by thread: Re: How to include information about a source package ?
Index(es):
- Date
- Thread