On Mon, 27 Aug 2007 16:46:56 +0530 Kapil Hari Paranjape <kapil@imsc.res.in> wrote: > Not just debian/changelog but README.Debian-source. However, the point > of my mail was not about *how* pkg_123.45.orig.tar.gz turned out to > be different from upstream's version but what to do *if* it turned > out to be different. Ah, that wasn't clear. As long as you always start with the assumption that something is broken if .orig.tar.gz md5sum != upstream .tar.gz md5sum (although md5 isn't perfect) then it is safe to use the Debian .orig.tar.gz when preparing a new version of packages where upstream differs. You must then ensure that there is a *reason* specified in the correct places of the new version. If the reason is not obvious, try to ask the maintainer of the existing package or try to go back to the pristine upstream. (The reason may have been temporary.) > One has no control over pkg_123.45.orig.tar.gz if it is *already* > in the Debian archive. This applies (e.g.) to the situation where a > sponsee adopts a package. A maintainer adopting a package should try to fix all issues in the old package whether bugs were filed or not. When you adopt you take on full responsibility for that package - it is up to you how to fix the issues but they need to be fixed. (BTW: AFAICT a sponsoree (or whatever other words people use) is actually the package maintainer as far as Debian is concerned so IMHO it's just as well to call the person requesting sponsorship "the maintainer" - it reinforces the responsibility of the maintainer to look after the package with the help of the sponsor. Might be an idea to make this explicit in the debian-mentors FAQ.) > It should not have changed but it may have. For example, at some > point someone may have done: > > gunzip pkg_123.45.orig.tar.gz > gzip -9 pkg_123.45.orig.tar.gz > > for all the wrong reasons. Bug report required if no good reason given - or a fix if you decide to proceed with the adoption. > Or, for example, upstream may have moved the archive to a public > repository, and since it was a large file did: > > gunzip pkg-123.45.tar.gz > gzip --rsyncable pkg-123.45.tar.gz Also needs to be explained in the debian files. > The rule (for the sponsor) could be something like. While sponsoring a > package *always* check that pkg_123.45.orig.tar.gz matches upstream. Yes, that is part of sponsoring. > If the package is being adopted then also check the Debian archive > version of pkg_123.45.orig.tar.gz. All differences must be sorted out > and if necessary documented in README.Debian-source. That is normally achieved using tools like debdiff and interdiff to compare the package prepared by the maintainer against the current Debian package. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpEe1avb2zQT.pgp
Description: PGP signature