
Re: debian .orig.tar.gz vs. upstream tar.gz



On Mon, 27 Aug 2007 16:46:56 +0530
Kapil Hari Paranjape <kapil@imsc.res.in> wrote:

> Not just debian/changelog but README.Debian-source. However, the point
> of my mail was not about *how* pkg_123.45.orig.tar.gz turned out to
> be different from upstream's version but what to do *if* it turned
> out to be different.

Ah, that wasn't clear. As long as you always start with the assumption
that something is broken if .orig.tar.gz md5sum != upstream .tar.gz
md5sum (although md5 isn't perfect) then it is safe to use the
Debian .orig.tar.gz when preparing a new version of packages where
upstream differs. You must then ensure that there is a *reason*
specified in the correct places of the new version. If the reason is
not obvious, try to ask the maintainer of the existing package or try
to go back to the pristine upstream. (The reason may have been temporary.)

> One has no control over pkg_123.45.orig.tar.gz if it is *already*
> in the Debian archive. This applies (e.g.) to the situation where a
> sponsee adopts a package.

A maintainer adopting a package should try to fix all issues in the old
package whether bugs were filed or not. When you adopt you take on full
responsibility for that package - it is up to you how to fix the issues
but they need to be fixed.

(BTW: AFAICT a sponsoree (or whatever other words people use) is
actually the package maintainer as far as Debian is concerned so IMHO
it's just as well to call the person requesting sponsorship "the
maintainer" - it reinforces the responsibility of the maintainer to
look after the package with the help of the sponsor. Might be an idea
to make this explicit in the debian-mentors FAQ.)

> It should not have changed but it may have. For example, at some
> point someone may have done:
> 
> 	gunzip pkg_123.45.orig.tar.gz
> 	gzip -9 pkg_123.45.orig.tar.gz
> 
> for all the wrong reasons. 

Bug report required if no good reason given - or a fix if you decide to
proceed with the adoption.

> Or, for example, upstream may have moved the archive to a public
> repository, and since it was a large file did:
> 
> 	gunzip pkg-123.45.tar.gz
> 	gzip --rsyncable pkg-123.45.tar.gz

Also needs to be explained in the debian files.
 
> The rule (for the sponsor) could be something like: While sponsoring a
> package *always* check that pkg_123.45.orig.tar.gz matches upstream.

Yes, that is part of sponsoring.

> If the package is being adopted then also check the Debian archive
> version of pkg_123.45.orig.tar.gz. All differences must be sorted out
> and if necessary documented in README.Debian-source.

That is normally achieved using tools like debdiff and interdiff to
compare the package prepared by the maintainer against the current
Debian package.

-- 


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
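
Added example, not part of the original message: one way to triage a checksum mismatch between the Debian .orig.tar.gz and the upstream tarball, telling a pure recompression (the `gunzip` / `gzip -9` case quoted above) apart from a real content change. It uses SHA-256 rather than md5; the function names and the in-memory sample tarballs are constructed for illustration.

```python
import gzip, hashlib, io, tarfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def member_digests(gz: bytes) -> dict:
    """Map each regular file in a .tar.gz to the SHA-256 of its content."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(gz), mode="r:gz") as tf:
        for m in tf:
            if m.isfile():
                out[m.name] = sha256(tf.extractfile(m).read())
    return out

def classify(orig_gz: bytes, upstream_gz: bytes) -> str:
    """Compare a Debian .orig.tar.gz against the upstream .tar.gz."""
    if sha256(orig_gz) == sha256(upstream_gz):
        return "identical"
    # Same tar stream under different gzip framing: a recompression only.
    if sha256(gzip.decompress(orig_gz)) == sha256(gzip.decompress(upstream_gz)):
        return "recompressed"
    return "content-differs"

def changed_members(orig_gz: bytes, upstream_gz: bytes) -> list:
    """Names of files added, removed or altered between the two tarballs."""
    a, b = member_digests(orig_gz), member_digests(upstream_gz)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

def make_tar(files: dict) -> bytes:
    """Build a deterministic in-memory tar (constructed sample data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples standing in for pkg-123.45.tar.gz and pkg_123.45.orig.tar.gz.
SRC = {"pkg-123.45/README": b"hello\n", "pkg-123.45/configure": b"#!/bin/sh\n"}
UPSTREAM = gzip.compress(make_tar(SRC), compresslevel=6, mtime=1)
REPACKED = gzip.compress(make_tar(SRC), compresslevel=9, mtime=2)  # gunzip; gzip -9
PATCHED = {**SRC, "pkg-123.45/configure": b"#!/bin/sh\nexit 0\n"}
MODIFIED = gzip.compress(make_tar(PATCHED), compresslevel=6, mtime=1)

if __name__ == "__main__":
    for label, gz in [("repacked", REPACKED), ("modified", MODIFIED)]:
        print(label, classify(gz, UPSTREAM), changed_members(gz, UPSTREAM))
```

A "recompressed" result still needs the reason recorded in the Debian files, as the message says; "content-differs" is the case where the listed members have to be explained or the pristine upstream restored.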
