Charles Plessy <ple...@debian.org> writes: > In my opinion, much of the current disagreements come from two false needs:
> * Apply patches so that dpkg-source -x gives buildable source. That was the need that had as much or more project consensus as anything else on my list, and as I recall was the impetus for doing the whole next-generation source format work in the first place. > I remember the discussion that took place during DEP1 preparation. It > already had the outcome that the main patch systems converged on a > common interface: > - Store the patches in debian/patches; > - Apply them with ‘debian/rules patch’; > - Document specificities in debian/README.source. If I'm not mistaken, that convergence and standardization actually happened *after* the 3.0 work was mostly finished. Certainly after the 2.0 work. > There were some concerns that applying patches through debian/rules > could be a security hole. In my opinion – that I already expressed in > the DEP1 discussion – given that 1) dpkg-source will not extract > packages that are not GPG-trusted, Eh? I'm fairly sure it does for me, although it prints a warning. > Personnaly, I am completely unconvinced of the necessity of applying > patches at unpack time, nor of standardising on one particular patch > implementation instead of using a clear patch interface as the one above > (parts of which being already in the Debian Policy). If I am not the > only one having this concern, maybe we could ask the technical comittee > to give us its conclusions on this matter. I am ready to follow it. I personally don't have a strong opinion, but there were a lot of people who felt this was important during the initial discussions. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org