Bug#657076: Updating and maintaining barry in Debian / Ubuntu



Hi,

Chris Frey wrote (31 May 2012 22:39:54 GMT) :
> Making every maintainer update their package in order to support
> hardening seems like the long way around. But so be it. :-)

I agree but the decision was not made this way, so let's deal with
it :)

> There is no guarantee either that the diffs you look at with git-log
> are the same changes that end up in the binary file you get out of
> a pristine-tar commit. It is unlikely that they will differ, but
> thinking that pristine-tar is somehow closer to the real git sources
> than a signed binary tarball from sourceforge is mistaken. There is
> a trust gap in both. The xdelta can contain anything.

Ah. Looks like you are absolutely right. I never thought of this.
Thanks a lot for educating me! :)

>> > If I find a way to make git-buildpackage run for you as expected,
>> > without pristine-tar, would that be satisfactory? Maybe that's
>> > impossible, but I'd really like to get rid of that dependency.
[...]
> If I stop autogenerating configure in the .orig.tar.gz, and stop
> pre-generating html docs in it, which aren't used anyway, it should
> be possible for you to import the .dsc file using git-buildpackage
> and have a completely empty git-diff between my release tag and your
> git-buildpackage master tree. This would allow you to peruse my
> upstream git log with certainty that you're actually viewing the
> real changes.

> I don't think you'll need to use debdiff anymore.

Looks great.

> [...]
> But the diff between the master branch (created by git-buildpackage) and my
> barry-0.18.3 tag only contained the autogenerated files for the html docs
> and autoconf.  Without such cruft in the .orig.tar.gz release, you could
> easily import my releases, and review them at will, and use git-buildpackage
> however you like.  It would make the release files smaller too.

This looks like an awesome solution. Let's try it!

> The downloads from sourceforge worked just fine from the
> command line.

Sure. However, the URLs you provided me until now did not. Did I miss
a way to get the real download URL from the click-one, without firing
up a web browser?

> Please let me know what you think of my above plan. If it is
> satisfactory, I can release barry-0.18.3-2 soon, and we can see how
> our workflows mesh.

Yeah, let's try for real soon.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
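
The check discussed in this message (an empty diff between the upstream release tag and the released .orig.tar.gz), as an added example that is not part of the original email or of the barry project: it hashes every file in a release tarball and in an export of the tag, then reports what differs. The tarballs, file names and the `tar_manifest`, `compare` and `make_tar` helpers are constructed for illustration; in practice the second input is assumed to come from `git archive` of the upstream tag.

```python
import hashlib
import io
import tarfile


def tar_manifest(data: bytes) -> dict:
    """Map each regular file in a tarball to its SHA-256, ignoring the top-level directory."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Drop the leading "name-version/" component so both trees line up.
            path = member.name.split("/", 1)[-1]
            manifest[path] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return manifest


def compare(release: bytes, tag_export: bytes) -> dict:
    """Return files only in the release, only in the tag, and present in both but different."""
    rel, tag = tar_manifest(release), tar_manifest(tag_export)
    return {
        "only_in_release": sorted(rel.keys() - tag.keys()),
        "only_in_tag": sorted(tag.keys() - rel.keys()),
        "changed": sorted(p for p in rel.keys() & tag.keys() if rel[p] != tag[p]),
    }


def make_tar(prefix: str, files: dict) -> bytes:
    """Build a small in-memory tarball (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(f"{prefix}/{name}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample data, not the real barry sources.
SOURCES = {"configure.ac": b"AC_INIT([demo])\n", "src/main.cc": b"int main(){}\n"}
TAG_EXPORT = make_tar("demo-tag", SOURCES)
WITH_CRUFT = make_tar("demo-1.0", {**SOURCES, "configure": b"#!/bin/sh\n", "doc/index.html": b"<html/>"})
CLEAN = make_tar("demo-1.0", SOURCES)

if __name__ == "__main__":
    print(compare(WITH_CRUFT, TAG_EXPORT))  # generated files show up as only_in_release
    print(compare(CLEAN, TAG_EXPORT))       # all three lists empty
```

A non-empty `changed` list is the case worth stopping on: a file that exists in both trees but whose content differs from what the tag's history shows.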


