On Fri, Jul 22, 2011 at 09:03:07PM -0300, Fernando Lemos wrote:

Hi,

> Just to clarify, I find it concerning that we might be accepting
> source uploads that don't come straight from upstream and don't match
> what was released upstream. I'm relieved to hear that there is a way
> to ensure in your specific case that the source is the same as shipped
> upstream. I wish this was a requirement for new packages entering
> Debian.

We do it all the time. Just 'dpkg -l|grep dfsg' on your local system
and you should find plenty of those modified source tarballs.

What I, as an uploader, do in such cases is a diff between the upstream
provided tarball and what's in the dfsg orig.tar.gz. You can get a
rough overview with diffstat and then review suspicious additions in
more detail.

Sven
-- 
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
     [ Streetlight Manifesto - Here's To Life ]


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110723074614.GA2371@marvin
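
The check described in the message above, as an added example that is not part of the original mail and not a Debian tool. Instead of diff and diffstat it compares sha256sum manifests of the two unpacked trees, so files the repack removed are listed separately from files it added or changed. The function names and the foo-1.0 sample tarballs are constructed for the illustration.

```shell
#!/bin/sh
# Added example; tarball names and file contents are constructed sample data.
# manifest DIR: "<sha256>  <path>" per regular file (symlinks, modes not compared)
manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} +)
}

# compare_repack UPSTREAM.tar.gz REPACKED.tar.gz prints one line per difference:
#   REMOVED path  only in upstream (expected when non-free files are stripped)
#   ADDED path    only in the repack (review)
#   CHANGED path  in both, content differs (review)
compare_repack() {
    work=$(mktemp -d) || return 2
    mkdir "$work/up" "$work/re"
    # top-level directory names differ between the two tarballs, so strip them
    tar -xzf "$1" -C "$work/up" --strip-components=1 &&
    tar -xzf "$2" -C "$work/re" --strip-components=1 || { rm -rf "$work"; return 2; }
    manifest "$work/up" > "$work/up.sum"
    manifest "$work/re" > "$work/re.sum"
    # for ordinary file names: 64 hex digits, two separator characters, the path
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { up[path] = hash; next }
        { re[path] = hash }
        END {
            for (p in up) if (!(p in re)) print "REMOVED", p
            for (p in re) {
                if (!(p in up)) print "ADDED", p
                else if (up[p] != re[p]) print "CHANGED", p
            }
        }' "$work/up.sum" "$work/re.sum" | LC_ALL=C sort
    rm -rf "$work"
}

# make_sample DIR: build a constructed upstream tarball and a repack in DIR
make_sample() {
    mkdir -p "$1/foo-1.0/doc" "$1/foo-1.0+dfsg"
    echo 'int main(void){return 0;}' > "$1/foo-1.0/main.c"
    echo 'non-free spec' > "$1/foo-1.0/doc/rfc.txt"
    echo 'CFLAGS=-O2' > "$1/foo-1.0/Makefile"
    cp "$1/foo-1.0/main.c" "$1/foo-1.0+dfsg/main.c"
    echo 'CFLAGS=-O2 -DEXTRA' > "$1/foo-1.0+dfsg/Makefile"
    echo 'echo hi' > "$1/foo-1.0+dfsg/helper.sh"
    tar -czf "$1/foo-1.0.tar.gz" -C "$1" foo-1.0
    tar -czf "$1/foo_1.0+dfsg.orig.tar.gz" -C "$1" foo-1.0+dfsg
}
demo=$(mktemp -d) && make_sample "$demo" &&
    compare_repack "$demo/foo-1.0.tar.gz" "$demo/foo_1.0+dfsg.orig.tar.gz"
rm -rf "$demo"
```

Any ADDED or CHANGED line is a file to read by hand, for instance with diff -u between the two extracted trees.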
