On 12/02/19 13:26, Ian Jackson wrote:
peter green writes ("Re: Recreating history of a package"):
https://github.com/plugwash/autoforwardportergit/blob/master/pooltogit will
take dscs in a pool structure and import them into git repos (one per source
package) using dgit, building the history based on the changelogs. It can even
follow history across source package renames.
It also has the ability to use snapshotsecure to download parent versions from
snapshot.debian.org , As the code stands it only uses that functionality to
request immediate parents of local versions, but it could be easily modified to
grab the entire history of the package (as defined by it's changelog).
Cool, thanks! Have you considered making a package of it ?
In it's present form it is specialized to the needs of autoforwardportergit, so
packaging it separately (if/when I get around to packaging autoforwardportergit
it will be packaged as part of that) in it's present form doesn't make much
sense. It would certainly be possible to generalize it, but that would require
thought/decisions on how best to do that.
Thinking more about the possibility of importing the entire history of a source
package it is more problematic than my off the cuff reply implied. It would be
easy to modify pooltogit to try to retrieve the entire history, but for a large
proportion of packages this would result in a failure to import for several
reasons.
1. Changelogs sometimes include versions that were never uploaded to Debian. I
suspect they also sometimes include versions that were uploaded but were
superseded before they made it to a snapshot.
2. Snapshot.debian.org is only offered over plain insecure http. For recent
versions the packages can be verified against the Packages/Sources files which
can in turn be verified with gpg but older versions are more problematic to
verify as the relevant packages/sources files are only signed with 1024 bit
keys or not signed at all. This is made worse by the fact that
snapshot.debian.org has an API to obtain the first snapshot a package is
available in but not any API to find the last snapshot it was available in.
3. Some packages aren't on snapshot.debian.org at all due to age.
4. Some packages are blocked on snapshot.debian.org due to license issues.
