On 2/1/2011 6:33 AM, Ross Burton wrote:
Hi,
So I've been investigating using Tumbler (thumbnailing daemon) in a
project I'm working on. OBS Trunk had Tumbler 0.1.1 -- very old -- so I
naturally grabbed upstream git and started patching it to suit our
needs, with the aim of updating OBS Trunk to the latest release this
week before the feature freeze.
Then I find out that Tumbler 0.1.12 was just submitted to Trunk:Testing
by Maitrey Mishra from Nokia. This confused me greatly because the
upstream (XFCE-hosted) Tumbler is currently version 0.1.6 (released
January 16th 2011).
Does MeeGo have a policy on hostile forks that don't change name but
continue the versioning as if they were their own? I'd expect the
policy to be "don't do that" but apparently not, because this isn't the
first instance that comes to mind.
if we have a tarbal in a package that is versioned/made to look like an
upstream tarbal, but is not identical
to the upstream tarbal, that is a HUGE problem (basically equivalent to
having a trojan added, since we can't tell
if that happened by comparing the tarbals).
If that is happening here then that needs to be rectified urgently.
If someone feels the need to fork an upstream project, you must
1) clearly mark the tarbal as such, ideally providing your fork as a
patch, not a new tarbal. But if your change is 100Kb or more, that may
not be practical
2) keep the version of the project you forked from; so if you forked
0.1.6 you name your tarbal 0.1.6.forked.01 or so..
_______________________________________________
MeeGo-packaging mailing list
[email protected]
http://lists.meego.com/listinfo/meego-packaging
