Bug#466550: Please clarify the get-orig-source target stated in Policy 4.9
Package: debian-policy Version: 3.7.3.0 Severity: wishlist X-Debbugs-CC: debian-mentors@lists.debian.org, [EMAIL PROTECTED] Dear policy team, recently the get-orig-source target of debian/rules has been discussed on the debian-mentors list (see the threads starting with [1] and [2]). It seems the get-orig-source specific paragraph of section 4.9 should be improved to a bit more clearly and answer some open questions, too. Basically it boils down to two or three open questions: The first one being, if get-orig-source is intendedn to fetches the most recent version of the original source upstream wise or if it should fetch the most recent version debian wise. If the later is the case and of a package has a version in experimentatl, should get-orig-source fetch the version of experimental or from unstable? And last questions: Where should tools used in get-orig-source (e.g. bzip2 or unzip to repacke a tarball) be declared? As Build-Dependency? Anywhere else? Links: 1: http://lists.debian.org/debian-mentors/2008/02/msg00402.html 2: http://lists.debian.org/debian-mentors/2008/02/msg00455.html Yours sincerely, Alexander -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#466550: Please clarify the get-orig-source target stated in Policy 4.9
I would like to add what Russ Allbery wrote. On Tuesday 19 February 2008 1:47:25 am Russ Allbery wrote: . . . Personally, I've always read it has emphasizing an entirely different part than what people are talking about here. Rather than focusing on the current version bit, I always focused on the does any necessary rearrangement to turn it into the original source tar file format described below bit. I provide this target only for my packages that require repackaging of the upstream source as a way of automating that repackaging. . . . When considering the phrase in policy ...does any necessary rearrangement to turn it into the original source tar file format..., it makes more sense when it refers to the original source tar file of the source package in Debian (or will be in Debian), and the original source tarball would be at a particular version, and thus the get-orig-source should generate that particular version of the original source tarball of the source package in Debian. -- Regards, Andres -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#466550: Please clarify the get-orig-source target stated in Policy 4.9
Hello, Perhaps the following elaborate statement can be condensed (once sufficient cooling has occurred :-)) 1. Once pkg_ver.orig.tar.gz enters the Debian archive this is considered the authoritative Debian version from which all the binary Debian packages will be built (for that version of the package). A signature/checksum is used (in the upload and the Sources.gz file) so as to detect any contamination. 2. If re-packaging of upstream sources was required in order to create this .orig.tar.gz, then this should be documented in the copyright file (with some further explication in README.Debian-source perhaps). 3. Whenever upstream releases a new version, one needs to create a pkg_nver.orig.tar.gz for the newer version. In case this is merely a matter of downloading and renaming an upstream tar.gz, the uscan and uupdate programs are adequate and there is no significant need for a get-orig-source target. In the case when re-packaging has been done as in (2), it is a non-trivial convenience if these steps are automated by such a program or target. Such a program further clarifies the statements in the copyright file and the README.Debian-source file. (Program as documentation!) In the last case, someone who wishes to verify the accuracy of the statements in the copyright file may also wish to re-generate pkg_ver.orig.tar.gz to compare it with the Debian version. This can also be provided for to the extent possible. If there is any reason to suspect that the pkg_ver.orig.tar.gz was not in fact created as documented then this constitutes a bug whose severity would depend on the extent of the discrepancy. Regards, Kapil. -- signature.asc Description: Digital signature
Re: Bug#466550: Please clarify the get-orig-source target stated in Policy 4.9
Am Dienstag, den 19.02.2008, 15:16 +0100 schrieb Alexander Schmehl: Package: debian-policy Version: 3.7.3.0 Severity: wishlist X-Debbugs-CC: debian-mentors@lists.debian.org, [EMAIL PROTECTED] Dear policy team, recently the get-orig-source target of debian/rules has been discussed on the debian-mentors list (see the threads starting with [1] and [2]). It seems the get-orig-source specific paragraph of section 4.9 should be improved to a bit more clearly and answer some open questions, too. Basically it boils down to two or three open questions: The first one being, if get-orig-source is intendedn to fetches the most recent version of the original source upstream wise or if it should fetch the most recent version debian wise. That should be done by uscan invoking debian/rules get-orig-source as suggested several times. This won't make the situation more complicated. It just requires that any variables necessary to create the tarball (e.g. upstream version, svn version number, ...) can be overwritten by uscan (already explained it in this thread) If the later is the case and of a package has a version in experimentatl, should get-orig-source fetch the version of experimental or from unstable? It should IMO fetch the version by parsing debian/changelog. That's simple and logical. uscan can overwrite these variables. And last questions: Where should tools used in get-orig-source (e.g. bzip2 or unzip to repacke a tarball) be declared? As Build-Dependency? Anywhere else? I don't think, they should be declared in Build-Depends, because they are simply not necessary to build the package. No target in debian/rules invokes get-orig-source during a build and people invoking this target should be able to check debian/rules, if something goes wrong. But to be honest: This target normally requires only bzip2/gzip/tar, wget (maybe we can drop this, if uscan invokes get-orig-source) and rm + sometimes $VCS-command. Regards, Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#466550: Please clarify the get-orig-source target stated in Policy 4.9
Hi! * Daniel Leidert [EMAIL PROTECTED] [080219 18:11]: That should be done by uscan invoking debian/rules get-orig-source as suggested several times. Thanks for your input, but the question of this supthread is not How but What ;) And last questions: Where should tools used in get-orig-source (e.g. bzip2 or unzip to repacke a tarball) be declared? As Build-Dependency? Anywhere else? I don't think, they should be declared in Build-Depends, because they are simply not necessary to build the package. [..] I agree. But shouldn't needed packages be documented somewhere? Yours sincerely, Alexander signature.asc Description: Digital signature
