Hi!

Martin Schulze [2004-11-14 20:13 +0100]:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > I've just started http://wiki.debian.net/SoftwarePackaging, intended to
> > collect thoughts of packagers how upstream developers can make the life of
> > a packager easier.
> >
> > I'm sure all packagers have wondered about "brain-dead" upstream developers
> > who have not put much thought into how their software might be distributed
> > in a pre-compiled/pre-configured package. Compile-time options are one
> > example, user-modifiable files outside of /etc are another, to name the two
> > that I could think of just now.
>
> What comes to my mind:
>
>  - public version control (cvs, arch, svn) by upstream
>  - public development mailing list
>  - public availability of old and new versions at a defined location
>    (for watch files etc.)
>  - clean clean target
>  - don't distribute auto-generated files except for configure/autofoo
>    but add rules to the Makefile to generate them on-demand
>  - add a private mail address of the lead developer to the distributed
>    files (contrary to only a mailing list, this is important for security
>    problems that need to be discussed off the public first)
>  - configurability of path names (so that the pkg can be made FHS compatible
>    easily without loads of patches)
>  - an announce list and a packager list may also be helpful to notify
>    packages of new versions / security problems (private)

 - Refrain from including source code from libraries which are externally
   available, or at least make it easy to use the external version of a
   library instead. Half a thousand copies of one and the same library
   scattered throughout Debian is an outright security nightmare.

Martin

--
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org