
Bug#466550: Please clarify the get-orig-source target stated in Policy 4.9



Ben Finney said [Thu, Mar 05, 2009 at 07:06:58PM +1100]:
> Practice is, I think, changing recently in response to the flowering
> of distributed VCSen. Increasingly many packages are now available
> from upstream *only* as a VCS branch; no static tarball releases are
> available. Yet we must provide a “pristine upstream tarball” for a
> Debian source package.
> 
> Common practice is to ignore the issue, until someone points out that
> Lintian is complaining the package has no ‘debian/watch’ file. Then
> the maintainer commonly writes a ‘debian/watch’ file with a static
> comment saying “we get the upstream source from such-and-so VCS URL”.
> 
> That satisfies Lintian, but the user is left floundering with figuring
> out exactly how to get the corresponding source from upstream to
> verify Debian's package.
> 
> 
> That is a poor substitute for a documented, automated method of
> getting a “pristine upstream tarball” of the exact VCS revision from
> which the source package was created. I think the ‘get-orig-source’
> target is perfectly positioned to be that method in the short term.
> 
> All we need is to re-vamp the specification so it means what many in
> this discussion want it to mean.

FWIW, I am going more or less with this approach for githubredir.d.n
(which makes debian/rules-friendly index pages pointing to tags in
github-hosted projects). Two tarballs generated from the same tag
(that is, from the same commit) will have the same contents, although
their MD5s will be different (and will thus be rejected for an
upload). 

This has rarely been an issue for me... But it might be a bothering
issue. And, yes, an ideal solution would be for uscan to understand
VCS tags as well.

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF
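
An added illustration of the point in the message above (not part of the original message and not githubredir's code): two tarballs built from the same tree can differ in MD5 while their contents are identical, so a verifier can compare a digest of the members instead of the archive hash. It assumes the difference comes from timestamps in the tar and gzip headers, which the message does not state; the sample tree, timestamps and function names are constructed.

```python
import gzip, hashlib, io, tarfile

# Constructed sample tree standing in for one upstream commit/tag.
TREE = {"pkg-1.0/README": b"hello\n",
        "pkg-1.0/src/main.c": b"int main(void){return 0;}\n"}

def make_tarball(tree, build_time):
    """Pack tree into .tar.gz bytes, stamping build_time into tar and gzip headers."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name in sorted(tree):
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = build_time          # assumed source of the differing hashes
            tar.addfile(info, io.BytesIO(tree[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=build_time) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def archive_md5(blob):
    """MD5 of the archive bytes, the value an upload check would compare."""
    return hashlib.md5(blob).hexdigest()

def content_digest(blob):
    """SHA-256 over path, type, mode, link target and data of every member.

    Timestamps, owner fields and compression details are deliberately ignored.
    """
    h = hashlib.sha256()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in sorted(tar.getmembers(), key=lambda m: m.name):
            data = tar.extractfile(m).read() if m.isfile() else b""
            meta = f"{m.name}\0{m.type!r}\0{m.mode:o}\0{m.linkname}\0{len(data)}\0"
            h.update(meta.encode())
            h.update(data)
    return h.hexdigest()

if __name__ == "__main__":
    first = make_tarball(TREE, 1236240000)    # constructed export times
    second = make_tarball(TREE, 1236243600)
    print("archive MD5 equal:   ", archive_md5(first) == archive_md5(second))
    print("content digest equal:", content_digest(first) == content_digest(second))
```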


