[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Modified tarballs [was: Re: RFS: minidlna (updated package and FTBFS fix)]

On Sat, Jul 23, 2011 at 4:46 AM, Sven Hoexter <sven@timegate.de> wrote:
> On Fri, Jul 22, 2011 at 09:03:07PM -0300, Fernando Lemos wrote:
>> Just to clarify, I find it concerning that we might be accepting
>> source uploads that don't come straight from upstream and don't match
>> what was released upstream. I'm relieved to hear that there is a way
>> to ensure in your specific case that the source is the same as shipped
>> upstream. I wish this was a requirement for new packages entering
>> Debian.
> We do it all the time. Just 'dpkg -l|grep dfsg' on your local system
> and you should find plenty of those modified source tarballs.

Yeah, I'm aware of those.

> What I, as an uploader, do in such cases is a diff between the upstream
> provided tarball and what's in the dfsg orig.tar.gz. You can get a
> rough overview with diffstat and then review suspicious additions in
> more detail.

Thanks, that's what I expected to hear.

Reply to: