The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

source packages and upstream source

Susan wrote me this morning complaining about the trace-ability in Debian.
This is a relevant point, given that we are attempting to establish a
standard for signing of upstream source, and a standard for signing of
Debian packages. In the context of signed upstream sources, it makes more
sense for the upstream source to be distributed unmodified along with our
 .diff.gz and .dsc files than it does to repack it into an .orig.tar.gz .
The dpkg-source program seems to work fine to extract packages built this
way, and it looks as if it will pack them when used with the -sk, -sp, and
-ss flags.

It seems to me that when a usable upstream source .tar.gz file is
available, we lose trace-ability by repacking that file instead of
distributing the original. We don't seem to gain anything. This is
probably reason for a change in the procedure manual. Comments?

	Thanks

	Bruce
--
Bruce Perens K6BP   Bruce@Pixar.com   510-215-3502
Finger bruce@master.Debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3 


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com