On Tue, Dec 30, 2003 at 11:06:35AM -0500, Jay Berkenbilt wrote: > Now I'm strongly considering making the switch to Debian and am > evaluating moving my whole installation system over to dpkg. dpkg > seems superior to rpm in almost all respects (richer dependencies, > better documentation, more robustness, apt, etc.), but there's one > thing that bothers me. When building an rpm, multiple source files > and multiple patch files can be specified, and arbitrary commands can > be used to extract sources and apply patches. This makes it easy to > build an rpm of a standard package with a handful of separately > maintained patches applied.
While multiple patches are certainly advantageous (and are, I believe, intended to be supported in the next version of the Debian source package format), I don't like the idea of arbitrary commands to extract sources and apply patches. I very much prefer being able to unpack and examine the source of a package without trusting the person who created it. There are various systems used in Debian which pack multiple patches into the Debian .diff (see dpatch, cdbs, etc.). > As far as I can tell, a Debian package consists of a single source > tarball and a single diff. Is this right, or have I missed something? > Coming from an rpm perspective, it seems to me that this would make it > much more difficult to manage locally modified versions of packages. I prefer to use CVS (see the cvs-buildpackage package) to maintain local branches of Debian packages. Since CVS doesn't separate patches either, there isn't much lost there. > Lastly, please feel free to correct my terminology if I'm using it > incorrectly. For example, is it correct to say dpkg-based rather than > deb-based? dpkg is a program which operates on Debian packages. "deb" is a common shorthand for the Debian binary package format. -- - mdz