On Aug 16, 2014, at 04:28 PM, Thomas Goirand wrote: >Why?!? Is there some sort of religion around tarballs? Shouldn't it be >the same stuff that "git archive" does? If it isn't, why is this the >case? Shouldn't one be able to use what's in the Git repository anyway? >Why can't it be fixed? Aren't we supposed to "build from source" anyway? >Isn't the upstream git repository the "preferred form for modification", >closer to what someone should be using when contributing upstream? Why >is it the case that upstream prefers that we use something generated >from his git repository? Shouldn't all what upstream generates in the >release tarball also done by the Debian package build anyway?
This all assumes very specific upstream release workflows. It might be fine in many cases, but there's such wide variety in upstream development processes that a maintainer would have to know much more about how upstream releases than they do now. I think about the typical PyPI package. I really don't have to know much about how upstream generated the tarball on PyPI (*and* signature/checksum), just that they magically did so. The upstream tarball is a shorthand and a very convenient abstraction for the upstream's magic - and perhaps not easily discovered - release process. >So yes, please do generate orig.tar.xz out of PGP signed tags, and do >Debian git-buildpackage based on tags repository, using the upstream git >repository as source. That's the correct technical thing to do, and you >wont regret it! As an upstream: please accept progress and convenience. As Debian developers, I think we generally shouldn't be dictating best practices to upstreams. Let them do whatever is most comfortable to them and let them concentrate on making good software! Upstreams have a lot more concerns then how well their branches fit into Debian's packaging machinery. Sure, most upstreams are pretty Debian friendly, but they might have to worry about how releases get made for vastly different OSes (i.e. not even Linux) so Debian can be just a blip for them. I.e. nice if they can make our lives easier but don't count on it. For better or worse, the tarball is the abstracted medium of exchange between upstreams and downstreams, and it makes good sense to have that. (I'm not arguing against using an upstream git tag when it *does* all work nice and smoothly, just saying you can't count on it, and should force our workflows onto upstreams'.) Cheers, -Barry
signature.asc
Description: PGP signature
