Scripsit Richard Atterer <[EMAIL PROTECTED]>

> As the sponsor, you should rebuild the package from source using
> the diff from the packager, and using the upstream sources, not the sources
> provided by the packager. See this page:
> http://www.debian.org/doc/developers-reference/ch-beyond-pkging.en.html#s-sponsoring

I think that section may be phrased a little too harshly. It seems to be based on an assumption that a sponsoree is necessarily less trustworthy than a random upstream author.

It is of course true that as part of the normal quality check one does as part of a sponsored upload, one should check that the .orig.tar.gz does not contain spurious changes. But the idea that a sponsor should expect only a .diff.gz from the sponsoree is unsound - you would be less sure that the upstream source you use is the same as the one the sponsoree created his diff against.

Ideally a sponsoree should produce a full Debian source package. The sponsor checks it (including a sanity check of the .orig.tar.gz in case of a new upstream version), removes the sponsoree's signature on the .dsc and adds his own, builds a binary package, and uploads.

In practice it is acceptable for the sponsor to recompute the .diff.gz and .dsc using dpkg-buildpackage (which in any case ought to produce identical files). But I think the sponsoree should provide a .dsc nevertheless, if only to document the checksum of the .orig.tar.gz he used for packaging.

-- 
Henning Makholm                      "What a hideous colour khaki is."
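
The checksum comparison discussed in this message, as an added example that is not part of the original thread or of any Debian tool: a sponsor-side check that an independently downloaded upstream tarball hashes to the value the sponsoree's .dsc records for the .orig.tar.gz. It assumes the .dsc carries a Checksums-Sha256 field and that the .orig.tar.gz is the unmodified upstream tarball; the package name hello and all file contents are constructed.

```shell
#!/bin/sh
# Added example: file names and contents are constructed samples.

# Print the SHA-256 that a .dsc records for its .orig.tar.gz.
dsc_orig_sha256() {
    awk '
        /^Checksums-Sha256:/ { in_field = 1; next }
        in_field && /^[^ ]/  { in_field = 0 }   # a new field ends the list
        in_field && $3 ~ /\.orig\.tar\.gz$/ { print $1; exit }
    ' "$1"
}

# 0: tarball matches the .dsc; 1: it differs; 2: .dsc lists no checksum.
check_orig_against_dsc() {
    want=$(dsc_orig_sha256 "$1")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# Build a constructed sample: an "upstream" tarball and a sponsoree .dsc.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'constructed upstream release bytes\n' > "$dir/upstream.tar.gz"
    sum=$(sha256sum "$dir/upstream.tar.gz" | awk '{ print $1 }')
    size=$(wc -c < "$dir/upstream.tar.gz" | tr -d ' ')
    cat > "$dir/hello_1.0-1.dsc" <<EOF
Format: 1.0
Source: hello
Version: 1.0-1
Checksums-Sha256:
 $(printf '%064d' 0) 512 hello_1.0-1.diff.gz
 $sum $size hello_1.0.orig.tar.gz
Files:
 $(printf '%032d' 0) $size hello_1.0.orig.tar.gz
EOF
    echo "$dir"
}

d=$(make_sample)
check_orig_against_dsc "$d/hello_1.0-1.dsc" "$d/upstream.tar.gz" &&
    echo "upstream tarball matches the checksum in the .dsc"
printf 'spurious change\n' >> "$d/upstream.tar.gz"
check_orig_against_dsc "$d/hello_1.0-1.dsc" "$d/upstream.tar.gz" ||
    echo "MISMATCH: do not upload before explaining the difference"
rm -rf "$d"
```

A match only shows that both parties hold the same bytes; the .dsc signature still has to be verified separately before its checksum is trusted.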