Re: packaging manual/ policy seem to discourage pristine source

To: debian-policy@lists.debian.org
Subject: Re: packaging manual/ policy seem to *discourage* pristine source
From: Adam Di Carlo <adam@onshore.com>
Date: 12 Jun 1999 01:35:03 -0400
Message-id: <[🔎] oazp26yoag.fsf@arroz.fake>
In-reply-to: Jason Gunthorpe's message of "Fri, 11 Jun 1999 13:58:28 -0600 (MDT)"
References: <[🔎] Pine.LNX.3.96.990611134627.6698B-100000@Wakko.deltatee.com>

Jason Gunthorpe <jgg@ualberta.ca> writes:

> I like to consider the source code (.c files, etc) and it's transfer
> encoding (.tar.gz) to be seperate. if you repack it, or recompress it, all
> you are doing is changing the way it is delivered not what is being
> delivered which is really what we want to preserve.

This is a bizarre interpretation.  Pristine upstream source is and
always has been one thing and one thing only:

  * the exact same (compressed) tarball as distributed by the upstream
    source of the package, as mentioned in the location as found in
    /usr/doc/<pkg>/copyright

> The best reasons I've heard for not doing recompression (and/or
> conversion) boiled down two a handfull of things:
>  - People want to be able to verify the original source via a digital
>    signature and the author has only included signatures for his .tar.gz
>    file
>  - People want to be able to 'eyeball' the validity of a .tar.gz by
>    checking something trivial like the size of the file against another 
>    FTP site

Or:

People want to be able to build the Debian version, and already have
the original upstream tarball, i.e., they were installing in another
OS or something (conservation of bandwidth).

Or suppose I'm beta-testing a pre-release, then I wanna beta test the
debian source package of the same pre-release -- should I have to
redownload the upstream source, just because we like gzip -9 ?

> Obviously recompression (and largely conversion) does not effect any other
> forms of comparision between archives so it is harmless. 

Well, this argument might make some sense if dpkg-source *itself* made
an md5sum on the uncompressed tarball.

> > Moreover, we see nothing in the Debian Policy stating that maintainers
> > *should* (not must) use upstream source when possible.  I believe this
> > is an error.
> 
> I think the reason for this is that dpkg-source cannot handle pristine
> source in all conditions.

Right -- don't misunderstand.  I'm saying we *should* use pristine
upstream .tar.gz files when possible.  It's not always possible.
(Yes, I maintain packages which are distributed as .zip files, or
sometimes as just a buncha files.)

> It seems to me that when we agreed on pristine source we all thought
> it was something else :<

I dunno -- your definition is pretty new to me....  In fact, your
intepretation isn't really supported in any of the debian tools
(dscverify, dpkg-source, etc).

--
.....Adam Di Carlo....adam@onShore.com.....<URL:http://www.onShore.com/>

Reply to:

Follow-Ups:
- Re: packaging manual/ policy seem to *discourage* pristine source
  - From: Jason Gunthorpe <jgg@ualberta.ca>
- Re: packaging manual/ policy seem to *discourage* pristine source
  - From: Steve Greenland <stevegr@debian.org>

References:
- Re: packaging manual/ policy seem to *discourage* pristine source
  - From: Jason Gunthorpe <jgg@ualberta.ca>

Prev by Date: Bug#25882: PROPOSED] u/gid 100 should be statically allocated
Next by Date: Re: Bug#39299: PROPOSAL] permit/require use of bz2 for source packages
Previous by thread: Re: packaging manual/ policy seem to *discourage* pristine source
Next by thread: Re: packaging manual/ policy seem to *discourage* pristine source
Index(es):
- Date
- Thread

Re: packaging manual/ policy seem to *discourage* pristine source

Re: packaging manual/ policy seem to discourage pristine source