Re: Bug#39299: PROPOSAL] permit/require use of bz2 for source packages
Manoj Srivastava <srivasta@debian.org> writes:
> Hi,
> >>"Branden" == Branden Robinson <branden@ecn.purdue.edu> writes:
>
> Branden> On Thu, Jun 10, 1999 at 01:22:26PM -0600, Marcelo E. Magallon wrote:
> >> On Thu, Jun 10, 1999 at 02:02:35PM -0500, Chris Lawrence wrote:
> >>
> >> > I further propose that the use of bzip2 be mandatory for newly uploaded
> >> > source files
> >>
> >> Upstream doesn't always provide .tar.bz2 packages.
>
> Branden> As said elsewhere, I think a source package can be regarded
> Branden> as "pristine" if it is md5-identical with the upstream
> Branden> version in *uncompressed* form.
>
> I disagree. I have sources, and md5sums, or pgp signatures,
> that are signed by the author. Anything that changes the md5sum of
> the file and makes it impossible for me to check against the original
> signature is not pristine.
How many packages have upstream sources that are compressed with gzip
-9, are in a directory with correct name, and the upstream author
provides it's md5sum somewhere? Probably about 20%.
How many people actually take the time to find the upstream md5 to
compare them? Probably about 0.01%.
So the use of "pure" pristine sources isn't that large IMHO. What is
important is simply the fact that with the Debian CD I also have the
upstream package unaffected by any Debian changes.
This advantage won't go away with changing the compression method.
If somebody would calculate the amount of bandwidth and disk space
safed, I guess it would be quite a lot. I have a Debian mirror at home
and would be quite happy to save several 100 megs.
The best solution would be to take the md5sum of the unpacked tar file
and convince the upstream autor to provide that.
Falk
Reply to: