Hi! On Sun, 2015-07-19 at 13:48:14 +0200, Jakub Wilk wrote: > Package: debian-policy > Severity: wishlist
> Policy §5.6.12 reads: “The <upstream_version> may contain only alphanumerics > and the characters ‘.’ ‘+’ ‘-’ ‘:’ ‘~’ (full stop, plus, hyphen, colon, > tilde) and should start with a digit. […] if there is no <epoch> then colons > are not allowed.” > > But in practice: > > 1) There's been never a package with a colon in upstream_version in the > archive. > > 2) A colon in upstream_version implies a colon in the filename. Some > software might not tolerate such filenames; see bug #645895 for discussion. The problem with dpkg-source is just a matter of its assumptions related to epochs, otherwise it can handle colons just fine. ,--- $ dpkg-source -x pkg_1:1-1.dsc dpkg-source: warning: extracting unsigned source package (pkg_1:1-1.dsc) dpkg-source: info: extracting pkg in pkg-1:1 dpkg-source: info: unpacking pkg_1:1.orig.tar.xz dpkg-source: info: unpacking pkg_1:1-1.debian.tar.xz $ dpkg-parsechangelog -lpkg-1\:1/debian/changelog -SVersion 1:1:1-1 `--- > 3) dpkg in unstable won't even let you build a package with such version: > > $ head -n1 debian/changelog > adequate (1:1:1) UNRELEASED; urgency=low > $ dpkg-buildpackage -S > […] > dpkg-genchanges -S >../adequate_1:1_source.changes > dpkg-genchanges: error: invalid filename adequate_1:1.dsc > dpkg-buildpackage: error: dpkg-genchanges gave error exit status 255 Ah, thanks! That's an accidental regression introduced in dpkg 1.18.0, which I've just fixed now locally, but I'm pondering if it's worth including the fix in the upcoming 1.18.2 release, given the following: 4) GNU tar considers a colon the delimiter for a hostname, and tries to establish a network connection that will most probably fail, which affects both packing and unpacking. You have to use --force-local to avoid that, and I doubt upstreams might be bothered to do so, or inflict that onto their users: ,--- $ tar -tf pkg_1\:1.orig.tar.xz tar: Cannot connect to pkg_1: resolve failed $ tar -tf pkg_1\:1.orig.tar.xz --force-local pkg-1:1/ `--- > Therefore, I'd like to propose to disallow colons in upstream_version. So, in principle 2) and 3) are mostly problems in dpkg, 1) might be a quite good indication that upstreams do not usually do this, and 4) a very strong deterrent for them to do so. I'm ambivalent on disallowing this in Debian, and even if policy ends up disallowing it might still make sense to allow it in dpkg in case someone outside Debian is using such thing (although I'm having a bit of a hard time seeing this being used in practice). Thanks, Guillem -- To UNSUBSCRIBE, email to debian-policy-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150719154016.ga13...@gaara.hadrons.org
