The debian-private mailing list leak, part 1.


Re: Changing the way we deal with source archives



-----BEGIN PGP SIGNED MESSAGE-----


bruce@pixar.com (Bruce Perens) writes:

> From: Mark Eichin <eichin@cygnus.com>
> > Umm, they already do: <package>-<version>.tar.gz unpacking into
> > <package>-<version> is mandated by the GCS, and followed by a large
> > percentage of the packages out there.  *we* need to change the .orig
> > silliness. 

> I agree. We need to change the policy manual and the defaults of
> dpkg-source so that original source archives are carried into the
> distribution un-modified. 

> DOES ANYONE DISAGREE WITH THIS (calling for consensus here).

> In addition, we need to fold the GCS and the LSM procedure into one
> document. We need to extend the LSM to include MD5 checksums for the
> files it mentions. We need to extend the LSM to be wrapped with a PGP
> signature. That will do everything we need for verifying integrity of 
> upstream sources _except_ for admitting the upstream maintainer into the
> PGP web of trust.

Sounds good, but how should I handle this case:

I am maintaining a package whose source is generated from 4 upstream
.tar.gz files.  (The upstream instructions are to untar the first one,
then untar the other two into that tree.)

RedHat handles this case very well - their source packages contain an
arbitrary number of original archives and patch files, and a file that
contains information on how to generate the build tree from them.

My current solution is to unpack all three archives, delete two
directories (and a couple of binaries...) that I don't want (libjpeg
and libpng), and tar this up into the "orig" archive (generating
patches against it).  Is this an acceptable compromise or should we
come up with a system that allows more than one original source
archive?


Steve
dunham@cps.msu.edu


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMyCWs2wRrstnfoZRAQFEygQAkGyL1bqC+I4lAzVs7s/ASnY5lbUtwZg9
44NRaIOfAvcAw2O/rTxC+mGypkZWYn+J5m5aroWCAM6OwKRBzvugEi8wVoM5Ma9v
NpPx0Tu1nNtDXfRk8WgLBCchlgVeupi5h+zF7REHzpIneOvlIx+IzRBnh0WwDUte
d5sRdzhrnFc=
=bGqW
-----END PGP SIGNATURE-----
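
An added example, not part of the original message or of dpkg-source: one way a source package could carry several unmodified upstream archives, each checked against a manifest digest before they are overlaid in order into one build tree. The manifest layout, the function names and the sample archives are assumptions made for illustration, and SHA-256 is used where the thread mentions MD5.

```python
import hashlib
import io
import tarfile

def make_tar(files):
    """Build a constructed .tar.gz in memory (sample input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def assemble(manifest, archives, exclude=()):
    """Check every pristine archive against its manifest digest, then overlay
    them in manifest order. Returns {path: bytes}; raises ValueError otherwise."""
    tree = {}
    for name, digest in manifest:
        blob = archives[name]
        if hashlib.sha256(blob).hexdigest() != digest:
            raise ValueError(f"checksum mismatch: {name}")
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tf:
            for member in tf:
                path = member.name
                if path.startswith("/") or ".." in path.split("/"):
                    raise ValueError(f"unsafe path in {name}: {path}")
                if not member.isfile() or path.startswith(tuple(exclude)):
                    continue  # skip directories, links and unwanted subtrees
                tree[path] = tf.extractfile(member).read()
    return tree

# Constructed sample: one base archive plus one add-on unpacked into its tree.
ARCHIVES = {
    "pkg-1.0.tar.gz": make_tar({"pkg-1.0/main.c": b"int main(void){return 0;}\n"}),
    "pkg-extras-1.0.tar.gz": make_tar({
        "pkg-1.0/doc/README": b"extras\n",
        "pkg-1.0/libjpeg/jpeg.c": b"/* bundled copy */\n",
    }),
}
# The manifest lists archives in unpack order with the digest recorded at packaging time.
MANIFEST = [(n, hashlib.sha256(b).hexdigest()) for n, b in ARCHIVES.items()]

if __name__ == "__main__":
    tree = assemble(MANIFEST, ARCHIVES, exclude=("pkg-1.0/libjpeg/",))
    print(sorted(tree))
```

The exclusions are applied when the tree is built, so the archives themselves stay byte-identical to what upstream published and the digests remain checkable.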