On Tue 09 Jan 2007 21:03:16 NZDT +1300, Matthew Gregan wrote: > > Having a good deal of first-hand experience with dpkg&Co, I can say that
> > a source package format is simply non-existant > > Depends what you mean. The 'source package' is made up of three files--the > "pristine" tarball from upstream, Well, you already put it in quotes. I mean "package format", not something which by technical definition of the term passes as "format". And I reserver judgement on the "pristine" for later, because some time back it was always debianjumble.tar.gz. With rpm that has been required policy from day 1, and well over a decade now. If dpkg has changed meanwhile then that's all for the better, but it's still a Johnny-come-lately, and I won't rely on it myself for some while. > There is no single file like the > equivalent SRPM but I don't see that it matters. If it doesn't matter then why not have several binary debs as well? One for /usr, one for /etc, ... If one has a packaging system, then 1 file ought to do for it. Or why have a "package"? > 'apt-get source', with deb-src sources specified in your sources.list will > download (and optionally extract and compile) a package. On a Debian system, yes. Otherwise, no, and it's pasting some URLs (plural) into wget. > 'apt-get > build-dep' will install any build-time dependencies of the package you want > to build. Noted, thanks! > > package verification is cumbersome for package files and non-existant > > after the package is installed > > Install time package verification will finally be enabled by default in the > next Debian release (etch). Well over a decade behind rpm... but it's good to see dpkg catching up. This was one of the most important core features of rpm! For a distro which is primarily spread by network it's quite astounding to still get the "we'll have this soon, watch this space" when it should have been fixed, tested and ticked off last Millennium. Sorry, my considered opinion. I remember when the Megabyte to download cost $5.00 (special uni rate, 3x that from commercial ISPs). Crypto-signed packages were a godsend! > Post-installation verification is provided by the optional > debsums package, which merely requires installation and no configuration to > use. Ok, will add to package list. Does it do permissions, ownerships and the works too? Bottom line is still that I can't see anything dpkg does better than rpm, but a few things where it doesn't match. At least one of them important. > > and searching had some absent feature(s) (have to check my notes here). > > What were you missing? It probably exists already. Seems I didn't write it down, and I can't remember, but next time I'm missing it I'll ask :) Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
