[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Original sources, or not

On Thu, 18 Sep 2003 18:25:37 +1000, Glenn McGrath <bug1@optushome.com.au> said: 

> On Thu, 18 Sep 2003 02:01:25 -0500
> Manoj Srivastava <srivasta@debian.org> wrote:

>> Pristine sources are already a desired, but not required,
>> characteristic. There are enough brain dead upstream packaging
>> practices that we can not mandate pristine sources.

> Dont go blaming "upstream" for debians problems, lots of other
> distro's ship pristine sources, thats a poor excuse.

	Poor excuse? Your ignorance is showing. Firstly, there have
 been upstream sources that have been packaged as zip files, as rar
 files, and other formats (I seem to recall something distributed as
 an unarj repository, or something); there are upstream sources that
 contain non-free material and must be repackaged; and there are
 sometimes other reasons that we can't ship pristine upstream sources

> As far as i know, the problem is that our packaging tools cant
> handle the common tar.bz2 format, or having seperate patches.

	That is not the only reason, as I have detailed above.

> There was talk of a python based dpkg-source2 that had the features
> to make this possible,

	Thenm when this new  dpkg-source2  gets into a stable release,
 we can make policy based on that.

>> This would be an undue burden on a number of packages.  Have you
>> done a survey to see how many packages would be affected?  What
>> purpose would be served by this target that is not already served
>> by recording the upstream source location in the copyright file?
>> If we do not ship pristine sources, it is unlikely that we would be
>> able to generate a cryptographically pristine set by this mechanism
>> anyway.

> The purpose it would serve is greater transparency, which promotes
> trust.

	If you can't trust the project, you should not trust the
 binary package, if you are rebuilding from source, get the sources
 from the location mentioned in the copyright file.

	While I admit that pristine sources are a good thing (which is
 why not having pristine sources is deprecated); it is way premature
 to suggest making  that a policy requirement.

Oh yeah?  Well, I remember when sex was dirty and the air was clean.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: