On Sunday 30 April 2006 12:41, Bart Martens wrote: > On Sun, Apr 30, 2006 at 12:05:19AM -0700, Russ Allbery wrote: > > Bart Martens <[EMAIL PROTECTED]> writes: > > > http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-p > > >ractices.en.html#s-bpp-origtargz > > > http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile > > > > I think Policy implies something different: > > > > In addition, the copyright file must say where the upstream sources > > (if any) were obtained. > > > > Explaining how the .orig.tar.gz file was derived is part of explaining > > where the upstream sources were obtained to me. I can see how others > > would read it differently, but that's the way it read to me the first > > time I read Policy. > > > > Policy says nothing about a README.Debian-source so far as I know. > > I agree that this interpretation is very reasonable. With this > interpretation, the debian-policy and the developers-reference seem to > contradict on where to describe how the .orig.tar.gz was repackaged. > > > One advantage of insisting on a get-orig-source target > > Do you insist on a get-orig-source target while sponsoring? It's > currently optional according to the debian-policy. > http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules > > > as part of the > > review is that it ensures that the derivation of the .orig.tar.gz file is > > automated and reproducible, making it easier and quicker to package the > > *next* upstream release of the software. > > The next upstream .tar.gz may be completely different. Trying the > get-orig-source target on a new .tar.gz without first having a look > inside that new .tar.gz before, can make a mess.
Good point ! > Also, repackaging a .orig.tar.gz should be avoided. It is better to > encourage the upstream author to make the repackaging unnecessary before > the next upstream .tar.gz is released. That is, of course, not always > possible. Seems that we talk about cases where repackaging orig.tar.gz is the last change for a package to hit the official debian archive ( because of bad upstream/license/legal/other issues ;-) --snip-- > > I find automated processes more reliable than manual processes. If it's > > an exceptional case that requires careful review, it's even *more* > > important to automate where possible so that humans don't miss things by > > accident > > A sponsor should not trust a get-orig-source target written by the > sponsoree (is that correct english?). The sponsor should redo the ( should be sponsee I guess ;-) > repackaging of the .orig.tar.gz step by step to verify whether each step > is appropriate. Obviously a sponsor is much more interested to look at the exact programming bits (get-orig-source target implementation) than having to read and trying to reproduce instructions from a text file written in a natural language possibly by a non-english speaker ;-) This could be quite confusing and error-prone. Agreed ? -- pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu> fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
