On Sat, Apr 29, 2006 at 01:52:17PM -0700, Russ Allbery wrote: > If I were sponsoring a -1 release of a package in which the maintainer > repackaged the upstream source, which is what I was originally > addressing, I would read the implementation of that target, read the > information in debian/copyright about why they repackaged the source,
A description of why and how the source was repackaged, should go in "README.Debian-source or a similar file". Copyright and distribution license(s) information should go in debian/copyright. I don't think that other information belongs in debian/copyright. http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-practices.en.html#s-bpp-origtargz http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile > run the target, and > compare the results of the target with the .orig.tar.gz that they were > using. That would replace the normal sponsoring check of downloading the > upstream tarball and checking with cmp that it is identical to the > .orig.tar.gz. The sponsor should compare the upstream .tar.gz and the .orig.tar.gz with md5sum. If the MD5 checksum differs, then the sponsor should unpack both files and compare with "diff -ruN" or something like that. Each difference should be documented in "README.Debian-source or a similar file". The get-orig-source may be convenient to do less typing and to quickly understand how the .orig.tar.gz was created, but basically, the sponsor should still verify in detail whether each difference is appropriate. > In all cases, I don't see much purpose in having a separate > README.Debian-source document. Well, it was a choice made in the past. In my opinion it was a good choice. But feel free to discuss this again, and have the Debian Reference changed about this. > Maybe if the repackaging were so complex > so as to not be representable in a debian/rules get-orig-source target. Repackaging upstream sources should be exceptional. Also, verifying a repackaged .orig.tar.gz needs full attention anyway, so doing the repackaging manually to verify is good anyway. I guess that such get-orig-source target is still interesting because it encourages to describe very precise how the .orig.tar.gz was created. Its existence could be mentioned in "README.Debian-source or a similar file". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
