Re: Original sources, or not
On Thu, 18 Sep 2003 18:25:37 +1000, Glenn McGrath <email@example.com> said:
> On Thu, 18 Sep 2003 02:01:25 -0500
> Manoj Srivastava <firstname.lastname@example.org> wrote:
>> Pristine sources are already a desired, but not required,
>> characteristic. There are enough brain dead upstream packaging
>> practices that we can not mandate pristine sources.
> Dont go blaming "upstream" for debians problems, lots of other
> distro's ship pristine sources, thats a poor excuse.
Poor excuse? Your ignorance is showing. Firstly, there have
been upstream sources that have been packaged as zip files, as rar
files, and other formats (I seem to recall something distributed as
an unarj repository, or something); there are upstream sources that
contain non-free material and must be repackaged; and there are
sometimes other reasons that we can't ship pristine upstream sources
> As far as i know, the problem is that our packaging tools cant
> handle the common tar.bz2 format, or having seperate patches.
That is not the only reason, as I have detailed above.
> There was talk of a python based dpkg-source2 that had the features
> to make this possible,
Thenm when this new dpkg-source2 gets into a stable release,
we can make policy based on that.
>> This would be an undue burden on a number of packages. Have you
>> done a survey to see how many packages would be affected? What
>> purpose would be served by this target that is not already served
>> by recording the upstream source location in the copyright file?
>> If we do not ship pristine sources, it is unlikely that we would be
>> able to generate a cryptographically pristine set by this mechanism
> The purpose it would serve is greater transparency, which promotes
If you can't trust the project, you should not trust the
binary package, if you are rebuilding from source, get the sources
from the location mentioned in the copyright file.
While I admit that pristine sources are a good thing (which is
why not having pristine sources is deprecated); it is way premature
to suggest making that a policy requirement.
Oh yeah? Well, I remember when sex was dirty and the air was clean.
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C