
Bug#79210: .orig.tar.gz definition and reality are out of sync



Yes, this is true.  The subject has been raised before, and the
general consensus has always been that it is best, if possible, to
distribute an *unmodified* source tarball, for security reasons.  Many
source tarballs come with associated checksums or signatures, and we'd
like our users to be able to verify that they have received the
correct upstream sources in such cases.

In other words, we would prefer that foo.1.2.orig.tar.gz *NOT* unpack
to foo.1.2.orig, unless that just *happens* to be what the upstream
developers used (which has never happened to my knowledge).

However, last time the topic was raised, the packaging manual was just
a manual.  Now that it has the effect of policy, I think that it's
probably imperative that we change it to reflect what we really want
ASAP.  Thanks for bringing this up.

-- 
Chris Waters   xtifr@dsp.net | I have a truly elegant proof of the
      or    xtifr@debian.org | above, but it is too long to fit into
                             | this .signature file.
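The point above, as an added illustration that is not part of the message or of Debian's own tooling: an upstream release ships a tarball plus a checksum file, and that checksum can only be checked against the byte-identical file. If the maintainer instead unpacks the tarball, renames the top-level directory to foo-1.2.orig and re-tars it, the paths, ordering, mtimes and gzip header all change, so the upstream checksum no longer matches. The upstream project, the file names (foo-1.2.tar.gz, SHA256SUMS) and the dpkg-style name foo_1.2.orig.tar.gz are constructed for this example; the script creates everything it needs under a temporary directory and only requires tar, sha256sum and coreutils.

```bash
#!/bin/sh
# Added example, not from the bug report or from Debian tooling.
# Shows why a repacked .orig.tar.gz cannot be verified against the
# upstream checksum file, while a byte-identical rename can.
set -eu

WORK=$(mktemp -d)

# Constructed stand-in for an upstream release: a small source tree,
# tarred, with a SHA256SUMS file as many upstreams publish.
make_upstream_release() {
    mkdir -p "$WORK/upstream/foo-1.2"
    printf 'int main(void) { return 0; }\n' > "$WORK/upstream/foo-1.2/foo.c"
    printf 'all: foo\n' > "$WORK/upstream/foo-1.2/Makefile"
    ( cd "$WORK/upstream" \
        && tar czf foo-1.2.tar.gz foo-1.2 \
        && sha256sum foo-1.2.tar.gz > SHA256SUMS )
}

# Preferred route: keep the upstream bytes and only rename the file.
# Prints the path of the resulting .orig.tar.gz.
orig_by_rename() {
    d=$(mktemp -d "$WORK/rename.XXXXXX")
    cp "$WORK/upstream/foo-1.2.tar.gz" "$d/foo_1.2.orig.tar.gz"
    printf '%s\n' "$d/foo_1.2.orig.tar.gz"
}

# Route the old manual text implied: unpack, rename the top-level
# directory to foo-1.2.orig, and re-tar. Prints the path of the result.
orig_by_repack() {
    d=$(mktemp -d "$WORK/repack.XXXXXX")
    ( cd "$d" \
        && tar xzf "$WORK/upstream/foo-1.2.tar.gz" \
        && mv foo-1.2 foo-1.2.orig \
        && tar czf foo_1.2.orig.tar.gz foo-1.2.orig )
    printf '%s\n' "$d/foo_1.2.orig.tar.gz"
}

# Check a candidate .orig.tar.gz against the upstream SHA256SUMS entry.
# Returns 0 when the hashes match, 1 otherwise.
verify_against_upstream() {
    candidate=$1
    expected=$(cut -d' ' -f1 "$WORK/upstream/SHA256SUMS")
    actual=$(sha256sum "$candidate" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Run both routes and report which one a user could still verify.
make_upstream_release
renamed=$(orig_by_rename)
repacked=$(orig_by_repack)
for f in "$renamed" "$repacked"; do
    if verify_against_upstream "$f"; then
        echo "OK        $f matches upstream SHA256SUMS"
    else
        echo "MISMATCH  $f does not match upstream SHA256SUMS"
    fi
done
```

The same reasoning applies to detached upstream signatures: a signature made over foo-1.2.tar.gz verifies only against those exact bytes, so any repack, even one that preserves every file's content, forces the user to trust the maintainer's repack rather than the upstream release.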


