also sprach Manoj Srivastava <> [2009.04.15.1702 +0200]:
>         In my experience, while that used to be true, it has not been
>  the case for some time now. 

This topic came up on debian-devel:

If I may sum it up in my own words and mix it with my own opinion,
then distributions like Debian aren't really necessarily the target
audience of the autotools output and it might make a lot more sense
for us to build from VCS. This means that autotools would become
part of the build process *and* that we rid ourselves of the "dogma"
of distributing pristine tar sources.

Even though those are nice in theory, I've always wondered who
actually checks them for authenticity, and if so, then *why*. Do
they check /every/ source package? Do they check that the binary
packages actually stem from those sources? Why are they using

Building directly from VCS seems a lot saner to me. There is no
reason why autotools couldn't also be used to create tarballs by
upstream for all the other consumers, but in the distro context,
pristine tarballs seem a bit limiting and possibly a step backwards.

Anyway, this is my summary and mixed with my opinion. Feel free to
disagree and voice your counter-arguments!

 .''`.   martin f. krafft <madd...@d.o>      Related projects:
: :'  :  proud Debian developer     
`. `'`
  `-  Debian - when you have better things to do than fixing systems
"if one cannot enjoy reading a book over and over again,
 there is no use in reading it at all."
                                                        -- oscar wilde

Attachment: digital_signature_gpg.asc
Description: Digital signature (see

vcs-pkg-discuss mailing list

Reply via email to