On 7 Jan 2001, Goswin Brederlow wrote:

> The orig.tar.gz file should be pristine (does someone have the pointer
> to the policiy about this?). Basically NEVER rebuild it.
> 
> It should be the original file downloaded from the upstream author
> without any changes so that the md5sum compares to any md5sum the
> author made public.

This is neither pragmatic, nor could I find anything in policy or the
packaging manual that states this.  The reason this is not a useful
guideline is that *many* upstream tarballs are not a
./$package-$version/code format.  Some aren't gzipped, and some
aren't even tarballs.  Yet others are broken in other special ways.  For
example, I just sponsored  an upload a fortunes package where the
upstream tarball contained a full copy of the source for wget (?!?) -
naturally, we cut that out and saved about 450kB of cruft from occupying
every Debian mirror in the world.

As for Debian policy, the packaging manual (section 3.3) has this to say:

Original source archive - package_upstream-version.orig.tar.gz

  This is a compressed (with gzip -9) tar file containing the source code
  from the upstream authors of the program. The tarfile unpacks into a
  directory package-upstream-version.orig, and does not contain files 
  anywhere other than in there or in its subdirectories. 

Of course, you should make every effort to maintain the integrity of the
upstream source, but that doesn't mean that you can't repack it if need
be.  After all, that's why we insist on licenses that allow 
redistribution.

tony

  [EMAIL PROTECTED]      |  Der Graf sehnt sich so sehr nach dem Blut einer 
http://www.debian.org   |  Jungfrau.  Doch der Graf hat Angst... 
                        |  Angst vor HIV.                     (die Aerzte)

Reply via email to