--- Begin Message ---
Package: dpkg-dev, debian-policy
Version: 1.17.27, 3.9.8.0
dpkg-source has a surprising and not-very-well-documented feature,
that it is possible to have in a `3.0 (quilt)' package a
vendor-specific series file, which is used only if the vendor matches
that of the running host.[1]
This feature is a very bad idea. I can see why people thought it
might be nice: it means you can use the same (or very similar) .dsc
(and perhaps vcs history) on different distros.
But it is quite wrong, because it means that the same source package
has different "contents" on different computers.
For example, if I am a Debian contributor and I download the Ubuntu
version of the package and build it to see how it works, I actually
get the Debian version. And vice versa.
The version of the package you get should depend on where you got the
package from, not where you are looking at it.
There are only a handful of packages in current Debian that use this
feature.[2]
Concretely, I would like the following changes made:
In dpkg-source:
* Remove all traces of this feature from the documentation, except to
mention it in the source format 3.0 description as a deprecated
feature.
* Whenever a package is being extracted has a non-default series
file, print a big warning (regardless of whether the non-default
series file is going to be used).
* Warn that dpkg-source in buster will refuse to generate a `3.0
(quilt)' source package containing non-default series files.
* Warn that dpkg-source in buster will never apply anything other
than the default series file (reestablishing a uniform meaning of
all source packages on all computers).
In policy:
* Say that a package MUST NOT contain a non-default series file.
(obviously with an expectation that these newly-declared RC bugs
will not be fixed in stretch)
(And the consequential lintian change.)
I am not yet supplying patches for dpkg-source and for policy, because
I think deprecating this feature will involve some discussion.
Ian.
PS: Of course I have an angle. dgit depends on the assumption that a
source package means a particular tree. This feature breaks that
assumption, and as a result dgit must always fail on packages where
this feature is in use.
[1]
in dpkg.git, 4fa01b70df1dc4458daee306cfa1f987b69da58c
"dpkg-source: correctly create .pc/.quilt_series with alternate series files"
[2] In private email, Guillem wrote to me:
It seems it is "documented" (not very explicitly though, search for
/debian\.series/ in dpkg-source(1)). And several (but not many)
packages at least in Debian use this:
,---
$ apt-file -x -I dsc search 'debian/patches/.*\.series'
ddccontrol: /debian/patches/ubuntu.series
deluge: /debian/patches/ubuntu.series
fail2ban: /debian/patches/neurodebian-backport.series
hexchat: /debian/patches/ubuntu.series
libfreenect: /debian/patches/neurodebian-backport.series
libxbean-java: /debian/patches/bootstrap.series
libxbean-java: /debian/patches/full.series
libxfce4util: /debian/patches/ubuntu.series
lilo: /debian/patches/ubuntu.series
mixxx: /debian/patches/ubuntu.series
packagekit: /debian/patches/ubuntu.series
qjackctl: /debian/patches/ubuntu.series
smuxi: /debian/patches/ubuntu.series
xfce4-smartbookmark-plugin: /debian/patches/ubuntu.series
zlib: /debian/patches/debian.series
`---
Not sure if this is more widespread in other derivatives.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
--- End Message ---
--- Begin Message ---
Source: debian-policy
Source-Version: 4.3.0.0
We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 850156@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhitton@spwhitton.name> (supplier of updated debian-policy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Dec 2018 10:17:55 +0000
Source: debian-policy
Binary: debian-policy debian-policy-ja
Architecture: source
Version: 4.3.0.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors <debian-policy@lists.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Description:
debian-policy - Debian Policy Manual and related documents
debian-policy-ja - Debian Policy Manual and related documents (Japanese)
Closes: 188731 833401 845715 850156 912581 914383
Changes:
debian-policy (4.3.0.0) unstable; urgency=medium
.
* Policy: Update recommendations for stripping binaries and shlibs
Wording: Sean Whitton <spwhitton@spwhitton.name>
Seconded: Russ Allbery <rra@debian.org>
Seconded: Niels Thykier <niels@thykier.net>
Closes: #188731
* Policy: Slightly relax when copyright information need be included verbatim
Wording: Sean Whitton <spwhitton@spwhitton.name>
Seconded: Holger Levsen <holger@layer-acht.org>
Seconded: Russ Allbery <rra@debian.org>
Closes: #912581
* Policy: Required targets must not write outside of the source package tree
Wording: Johannes Schauer <josch@debian.org>
Wording: Bill Allombert <ballombe@debian.org>
Seconded: Niels Thykier <niels@thykier.net>
Seconded: Holger Levsen <holger@layer-acht.org>
Closes: #845715
* Policy: Packages should not contain a non-default series file
Wording: Sean Whitton <spwhitton@spwhitton.name>
Seconded: Russ Allbery <rra@debian.org>
Seconded: gregor herrmann <gregoa@debian.org>
Closes: #850156
* virtual-package-names-list: Add dbus-session-bus, default-dbus-session-bus
Wording: Sean Whitton <spwhitton@spwhitton.name>
Seconded: Simon McVittie <smcv@debian.org>
Seconded: gregor herrmann <gregoa@debian.org>
Closes: #833401
* In a preexisting footnote, recommend passing -D to strip(1) when
stripping static libraries.
Thanks to Niels Thykier for the suggestion.
* Add references to 'next' branch in README.md.
* Convert virtual-package-names-list to YAML (Closes: #914383).
Thanks to Jonathan Dowland for the patch.
* Append missing '.git' to Vcs-Git.
Checksums-Sha1:
32d96d73dca550d5cf0babc5b77308764de35d9a 2023 debian-policy_4.3.0.0.dsc
836885a7a30c7e61859bb4aae6aaca1fa7572ddc 531404 debian-policy_4.3.0.0.tar.xz
Checksums-Sha256:
eb8b979248d8d29e4aec266e3e7abd0241c4a952126b1ea8a8cfb33f60435523 2023 debian-policy_4.3.0.0.dsc
48d9001a15656fa5a16489c3103e24f77e7a57af7aa4cfdd0f413ee3a16597c7 531404 debian-policy_4.3.0.0.tar.xz
Files:
97e6a98aa4092a1c1550ef0bf6bcc0ca 2023 doc optional debian-policy_4.3.0.0.dsc
f78e87cf7eb7b1def1f42004a8279030 531404 doc optional debian-policy_4.3.0.0.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAlwfYU0ACgkQaVt65L8G
YkD/qhAAtgMj7BOZOSB+jYjTcNgssuk4w3LH+8L2ATAPNlY/y6BH/YPIqIcio8MV
IXSn7ldU4rs7Ltz/g16aRCK7zBfA9fBDr/H/OsIaDmTNMtXKlJM0N9uczHVH4atk
bt88IcG/p6mGrf02IY4VRxgFMhRZtT5MlBY29rTit1e9vJizZCsd5bwyxZVKfnrb
BPuNuRkfzBR2PYQBrOf1R+9XvatqfZg1BveiRf1vaDpXxCpTOKWntKoxtwvhoN7N
OoNySzwTDeqvLJfO6CpkoNXqt0sFGjVs3DZxko0s206OqdV2szUXJXZxrEzYFQUO
yLzQ4jocG1qsGZHnkfLwOTQEPlXS0dVyGPZDX2FOYojpkwytsaVOyY5CduWBUyu2
yLUAxx1+Fkz4PHwtPzUfG+7/32Jq7ufJzgTmCdEmAkfYpN4sEhKMk9xrYfBfgkVS
YXDbCDDH4ENOZSgRG5RaHngxZ0/fM9yzPX+EZRsoWVGrlzeBck9EXzi2ERO1ncsx
MmIN5QUplsk5QXM7KkHj58v0BkrFSExsmJ7D9XMeqGDUOomiyBmGohwtahBjKtcq
QLOHlaccT/2n9KtwdUvqMTza/AKUszx9c6rFXMztffvnHfsLMgKWfU8RmpkwdvEv
I5PkxQzttUBCE0Xbvso4h4CXP+IdajASb+k+igMgqoO0Y/a90rI=
=fZNl
-----END PGP SIGNATURE-----
--- End Message ---