On Sat, Jul 23, 2011 at 4:46 AM, Sven Hoexter <s...@timegate.de> wrote:
> On Fri, Jul 22, 2011 at 09:03:07PM -0300, Fernando Lemos wrote:
>> Just to clarify, I find it concerning that we might be accepting
>> source uploads that don't come straight from upstream and don't match
>> what was released upstream. I'm relieved to hear that there is a way
>> to ensure in your specific case that the source is the same as shipped
>> upstream. I wish this was a requirement for new packages entering
>> Debian.
>
> We do it all the time. Just 'dpkg -l|grep dfsg' on your local system
> and you should find plenty of those modified source tarballs.

Yeah, I'm aware of those.

> What I, as an uploader, do in such cases is a diff between the upstream
> provided tarball and what's in the dfsg orig.tar.gz. You can get a
> rough overview with diffstat and then review suspicious additions in
> more detail.

Thanks, that's what I expected to hear.
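
The comparison described in the message above, as an added example that is not part of the original thread: it unpacks an upstream tarball and a repacked dfsg tarball and classifies every difference, so that additions and modifications stand out from the expected removals. The function names and the sample package foo-1.0 with its files are constructed for illustration; GNU tar is assumed.

```shell
#!/bin/sh
# Compare an upstream tarball with a repacked (dfsg) orig tarball.
# Prints one line per difference: REMOVED is expected for a dfsg repack,
# ADDED and CHANGED are what a sponsor or uploader should review by hand.
compare_repack() {
    up_tar=$1; re_tar=$2
    work=$(mktemp -d) || return 1
    mkdir "$work/up" "$work/re"
    # Strip the top-level directory, which differs (foo-1.0 vs foo-1.0+dfsg).
    tar -xzf "$up_tar" -C "$work/up" --strip-components=1 || return 1
    tar -xzf "$re_tar" -C "$work/re" --strip-components=1 || return 1
    # List everything except directories (files and symlinks), sorted for comm.
    (cd "$work/up" && find . ! -type d | LC_ALL=C sort) > "$work/up.list"
    (cd "$work/re" && find . ! -type d | LC_ALL=C sort) > "$work/re.list"
    LC_ALL=C comm -23 "$work/up.list" "$work/re.list" | sed 's/^/REMOVED /'
    LC_ALL=C comm -13 "$work/up.list" "$work/re.list" | sed 's/^/ADDED /'
    # Paths present in both trees: flag any whose bytes differ.
    LC_ALL=C comm -12 "$work/up.list" "$work/re.list" | while IFS= read -r f; do
        cmp -s "$work/up/$f" "$work/re/$f" || echo "CHANGED $f"
    done
    rm -rf "$work"
}

# Constructed sample: upstream ships a non-free blob; the repack drops it,
# but also edits the Makefile and adds a file upstream never released.
make_sample() {
    d=$1
    mkdir -p "$d/foo-1.0/src" "$d/foo-1.0+dfsg/src"
    echo 'int main(void){return 0;}' > "$d/foo-1.0/src/main.c"
    echo 'all: main' > "$d/foo-1.0/Makefile"
    echo 'blob' > "$d/foo-1.0/src/firmware.bin"
    cp "$d/foo-1.0/src/main.c" "$d/foo-1.0+dfsg/src/main.c"
    echo 'all: main helper' > "$d/foo-1.0+dfsg/Makefile"
    echo 'echo hi' > "$d/foo-1.0+dfsg/src/helper.sh"
    tar -czf "$d/foo-1.0.tar.gz" -C "$d" foo-1.0
    tar -czf "$d/foo_1.0+dfsg.orig.tar.gz" -C "$d" foo-1.0+dfsg
}

# Stand-alone use: sh script.sh upstream.tar.gz repacked.orig.tar.gz
if [ "$#" -eq 2 ]; then
    compare_repack "$1" "$2"
fi
```

For the line-level view of the CHANGED and ADDED entries, run `diff -ruN` over the two extracted trees and pipe the result to `diffstat`, as the message describes.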