Bug#657076: Updating and maintaining barry in Debian / Ubuntu
- To: Chris Frey <cdfrey@foursquare.net>
- Cc: 657076@bugs.debian.org
- Subject: Bug#657076: Updating and maintaining barry in Debian / Ubuntu
- From: intrigeri <intrigeri@debian.org>
- Date: Sun, 03 Jun 2012 10:34:04 +0200
- Message-id: <[🔎] 8562b8rdz7.fsf@boum.org>
- Reply-to: intrigeri <intrigeri@debian.org>, 657076@bugs.debian.org
- In-reply-to: <20120531223954.GA22530@foursquare.net> (Chris Frey's message of "Thu, 31 May 2012 18:39:54 -0400")
- References: <20120512005312.GA6341@foursquare.net> <851ump23r4.fsf@boum.org> <20120514213545.GA20735@foursquare.net> <20120514234804.GA28432@foursquare.net> <20120516031254.GA11251@foursquare.net> <85ipfw5sda.fsf@boum.org> <20120526021512.GA14521@foursquare.net> <85wr3v8j9w.fsf@boum.org> <20120529094515.GA7323@foursquare.net> <85bol7889j.fsf@boum.org> <20120531223954.GA22530@foursquare.net>
Hi,
Chris Frey wrote (31 May 2012 22:39:54 GMT) :
> Making every maintainer update their package in order to support
> hardening seems like the long way around. But so be it. :-)
I agree but the decision was not made this way, so let's deal with
it :)
> There is no guarantee either that the diffs you look at with git-log
> are the same changes that end up in the binary file you get out of
> a pristine-tar commit. It is unlikely that they will differ, but
> thinking that pristine-tar is somehow closer to the real git sources
> than a signed binary tarball from sourceforge is mistaken. There is
> a trust gap in both. The xdelta can contain anything.
Ah. Looks like you are absolutely right. I never thought of this.
Thanks a lot for educating me! :)
>> > If I find a way to make git-buildpackage run for you as expected,
>> > without pristine-tar, would that be satisfactory? Maybe that's
>> > impossible, but I'd really like to get rid of that dependency.
[...]
> If I stop autogenerating configure in the .orig.tar.gz, and stop
> pre-generating html docs in it, which aren't used anyway, it should
> be possible for you to import the .dsc file using git-buildpackage
> and have a completely empty git-diff between my release tag and your
> git-buildpackage master tree. This would allow you to peruse my
> upstream git log with certainty that you're actually viewing the
> real changes.
> I don't think you'll need to use debdiff anymore.
Looks great.
> [...]
> But the diff between the master branch (created by git-buildpackage) and my
> barry-0.18.3 tag only contained the autogenerated files for the html docs
> and autoconf. Without such cruft in the .orig.tar.gz release, you could
> easily import my releases, and review them at will, and use git-buildpackage
> however you like. It would make the release files smaller too.
This looks like an awesome solution. Let's try it!
> The downloads from sourceforge worked just fine from the
> command line.
Sure. However, the URLs you provided me until now did not. Did I miss
a way to get the real download URL from the click-one, without firing
up a web browser?
> Please let me know what you think of my above plan. If it is
> satisfactory, I can release barry-0.18.3-2 soon, and we can see how
> our workflows mesh.
Yeah, let's try for real soon.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Reply to: