Call for discussion: Migrating from interdiff to diff.gz for new upstream sponsoring

Emmet Hikory emmet.hikory at gmail.com
Thu Jan 10 12:26:56 GMT 2008


On Jan 10, 2008 5:55 PM, Sebastien Bacher wrote:
> On mer, 2008-01-09 at 21:47 +0900, Emmet Hikory wrote:
>
> > Proposal for discussion:
> >     Rather than requesting the submission of an interdiff, sponsors
> > should request (and expect) the presentation of a diff.gz file.
>
> Thanks for mailing the list about that. I'm also in favor of using the
> diff.gz, should the dsc be also attached to the bug though?

    I don't see any value to including the .dsc in the bug report.
Firstly, there is currently a limitation in Malone that it is
non-trivial to add more than one attachment per comment, so it
requires a second step.  Secondly, the contents of the .dsc consist of
the following:

1) Some headers from debian/control (or trivially derived therefrom)

    This is just duplicate information already present in diff.gz (or
in particularly annoying cases, in the orig.tar.gz, but that's a
different issue).

2) checksums for upstream + diff.gz

    The diff.gz checksum might be interesting, but the orig.tar.gz
md5sum is guaranteed to be incorrect for any repack, VCS snapshot,
tarball-in-tarball, or any other adjusted orig.tar.gz due to the
nature of tar and md5sum/sha1sum/etc.  While such packages are the
minority, they are common enough (especially .zip and .bz2 upstreams)
that it seems unlikely to be a useful check.  I am especially
concerned about this given the number of unexplained changes to
orig.tar.gz files I have seen on REVU.

    If the diff.gz checksum is indeed interesting, perhaps requesting
that this be added as text in the comment accompanying the attachment
would serve a similar purpose.

3) A signature

    As these are candidates for sponsorship, the signature will be
replaced by the sponsor's signature when building a source package.
Further, the identity of the person submitting the candidate is shown
in the comment in Malone, and additional checks serve little purpose,
because if we can't trust LP with identity, there are larger problems
present.

4) Some autogenerated bits (e.g. "Format: 1.0")

    These don't really help with sponsoring.

-- 
Emmet HIKORY
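
Added example, not part of the original message: a Python sketch of the item 2 point that an archive-level checksum changes on any repack even when the packed files are identical, compared with a digest over the file contents only. The file names, timestamps, the use of SHA-256 and the helper names pack, archive_digest and content_digest are all assumptions constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample upstream tree (path -> contents); not taken from any real package.
FILES = {
    "pkg-1.0/README": b"sample upstream readme\n",
    "pkg-1.0/src/main.c": b"int main(void) { return 0; }\n",
}

def pack(files, mtime, order):
    """Build a .tar.gz in memory with the given timestamp and member order."""
    raw = io.BytesIO()
    with gzip.GzipFile(fileobj=raw, mode="wb", mtime=mtime) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name in order:
                info = tarfile.TarInfo(name)
                info.size = len(files[name])
                info.mtime = mtime
                tar.addfile(info, io.BytesIO(files[name]))
    return raw.getvalue()

def archive_digest(blob):
    """Digest of the archive bytes, the kind of value a .dsc records."""
    return hashlib.sha256(blob).hexdigest()

def content_digest(blob):
    """Digest over sorted (path, file hash) pairs, ignoring tar/gzip metadata."""
    h = hashlib.sha256()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in sorted(tar.getmembers(), key=lambda m: m.name):
            if m.isfile():
                data = tar.extractfile(m).read()
                h.update(m.name.encode() + b"\0" + hashlib.sha256(data).digest())
    return h.hexdigest()

ORIGINAL = pack(FILES, 1199966816, sorted(FILES))
REPACKED = pack(FILES, 1200000000, sorted(FILES, reverse=True))  # same files, new metadata
TAMPERED = pack({**FILES, "pkg-1.0/src/main.c": b"int main(void) { return 1; }\n"},
                1199966816, sorted(FILES))

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("repacked", REPACKED), ("tampered", TAMPERED)):
        print(label, archive_digest(blob)[:16], content_digest(blob)[:16])
```

A repack that renames the top-level directory or drops files changes the content digest as well, so that case still needs a manual comparison.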



More information about the ubuntu-devel mailing list