severity 523184 minor
thanks

On Thursday 09 April 2009 08:38:36 Raphael Hertzog wrote:
> On Wed, 08 Apr 2009, Resul Cetin wrote:
> > I noticed that `dpkg-source -b SOURCEDIR` will create a *.debian.tar.gz
>
> Only if you use a newer source format (and it's currently not the default
> format).
Yes, it is better to inform about possible problems before something becomes the
default. (my opinion)

> > which includes personal information.  This includes username and group
> > of the current user which creates a package. This information isn't
> > meant for other people.
>
> I find this reasoning too extreme. If the user builds a native package it
> will also contain a tarball with its current user encoded:
> $ apt-get source debhelper
> [...]
> $ tar ftv debhelper_7.2.7.tar.gz
> drwxr-xr-x joey/joey         0 2009-03-26 20:20 debhelper/
> drwxr-xr-x joey/joey         0 2008-12-17 00:13 debhelper/Debian/
>
> This is the case ever since Debian has existed and it has never been a
> problem. So the problem is not affecting only Format: 3.0 (quilt).
Thanks. I never built a native package and didn't notice that.

> Any upstream tarball also encodes the username of the upstream author:
> $ tar ztvf zim_0.27.orig.tar.gz|head
> drwxr-xr-x pardus/pardus     0 2008-11-12 21:02 Zim-0.27/
> -r--r--r-- pardus/pardus 35982 2008-11-12 21:02 Zim-0.27/zim.pot
Wrong, not all tarballs have it. The only ones seem to be the ones that don't
care about it. Take for example the Linux kernel source code as a different
example. Do you need another one? hg-archive and git-archive for example will
create archives without the information about who was the original author of the
file. I think darcs and co. will do the same, but I haven't tested it yet.
So releases created by them will not leak such information.

> Since it doesn't create any problem at unpack time, I don't see a good
> reason to change this behaviour. In fact it might even be useful to be able
> to track down who built a package.
GPG signature of the dsc? The problem is not the information about who built it, but
the local username and group. I am currently not able to say that I don't want
somebody else to know that I am the sexy_overlord in the group hate_oss.

Regards,
Resul Cetin
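
The ownership fields discussed in this message can be audited and normalised before a tarball is published. The following is an added example, not part of the original message or of dpkg-source; the account `alice`/`staff`, the uid/gid 1000, the file path and the timestamp are constructed sample values, and `build_tarball` and `leaked_owners` are hypothetical helper names.

```python
import io
import tarfile


def build_tarball(files, uname, gname, uid, gid, scrub=False):
    """Return tar.gz bytes for {path: bytes}, stamped with a build account."""
    def stamp(info):
        # What tar records by default: the builder's local account.
        info.uname, info.gname, info.uid, info.gid = uname, gname, uid, gid
        if scrub:
            # Normalise ownership to uid/gid 0 with no names, comparable to
            # GNU tar's --owner=0 --group=0 --numeric-owner options.
            info.uname = info.gname = ""
            info.uid = info.gid = 0
        return info

    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.mode = 0o644
            info.mtime = 1239260316  # constructed fixed timestamp
            tar.addfile(stamp(info), io.BytesIO(data))
    return buf.getvalue()


def leaked_owners(tar_bytes):
    """Return the (uname, gname, uid, gid) tuples that reveal a local account."""
    owners = set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar:
            named = m.uname not in ("", "root") or m.gname not in ("", "root")
            if named or m.uid != 0 or m.gid != 0:
                owners.add((m.uname, m.gname, m.uid, m.gid))
    return owners


# Constructed sample input: one file from a hypothetical debian/ directory.
SAMPLE = {"pkg/debian/changelog": b"pkg (1.0-1) unstable; urgency=low\n"}

if __name__ == "__main__":
    raw = build_tarball(SAMPLE, "alice", "staff", 1000, 1000)
    clean = build_tarball(SAMPLE, "alice", "staff", 1000, 1000, scrub=True)
    print("default :", leaked_owners(raw))
    print("scrubbed:", leaked_owners(clean))
```
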
