[Pkg-utopia-maintainers] stretch-pu: package flatpak, maybe want debdiff against security?
Ian Jackson
ijackson at chiark.greenend.org.uk
Sun Jul 16 09:24:36 UTC 2017
Simon McVittie writes ("Re: stretch-pu: package flatpak, maybe want debdiff against security?"):
> On Sat, 15 Jul 2017 at 22:13:14 +0100, Ian Jackson wrote:
> > * document-portal/xdp-dbus.c was generated by a version of
> > gdbus-codegen which seems to be only in Debian experimental. !
>
> This is regenerated at build time. I sent patches upstream to exclude
> it from the distributed orig.tar.gz, which were accepted, so this won't
> be an issue in 0.9.x; but that patch isn't going to be included in the
> 0.8.x stable branch (unless someone from the stable release team asks
> for it) because it isn't a fix for a user-observable bug.
Ah. Indeed. OK, I'm happy about that.
> I can exclude it from future diffs if desired.
I don't think that would be proper.
> > * gtk-doc.make has some noise (which seems to be just whitespace
> > changes but which is a bit hard to review as-is)
>
> gtk-doc.make is copied in from gtk-doc-tools by gtkdocize during the
> upstream autogen.sh run. It isn't currently replaced by dh_autoreconf.
> I could re-run gtkdocize with Debian's gtk-doc-tools at dh_autoreconf
> time if the release team want, but my assumption had been that this
> non-minimal change would be rejected.
It seems to me that this means that the source code for your proposed
updated package is not entirely within Debian. That is, your source
code includes the source in gtk-doc-tools which produces gtk-doc.make.
If I wanted to rebuild your package with an altered gtk-doc.make, I
would need the source to the corresponding gtk-doc-tools. But the
relevant gtk-doc-tools is not in Debian, because it's the one upstream
used to prepare their flatpak "source" package.
So this is, technically, a violation of the licence and of policy.
However, these files are functionally equivalent, because:
> I can confirm that
>
> git diff --ignore-space-change debian/stretch..debian/stretch-proposed -- gtk-doc.make
>
> eliminates all the changes except for deletion of one blank line,
> and the re-wrapping in the last patch band.
Personally, I would manually rerun gtkdocize on the source package, on
stretch, and include the resulting change as a Debian patch. Then the
resulting patched source tree in stretch-pu would be from Debian
stretch's gtk-doc-tools.
But maybe the release team have a different opinion.
> > This is a bit odd. Are these generated files even though they are in
> > the source package ?
>
> Yes. Blame Autotools.
I think that's unfair on autotools...
Regards,
Ian.
--
Ian Jackson <ijackson at chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
More information about the Pkg-utopia-maintainers
mailing list