Package: dpkg; Maintainer for dpkg is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg is src:dpkg (PTS, buildd, popcon).
Reported by: jdassen@wi.leidenuniv.nl (J.H.M.Dassen)
Date: Mon, 9 Jun 1997 08:18:01 UTC
Severity: wishlist
Merged with 37017
Found in version 1.4.0.34
Fixed in version dpkg/1.9.0
Done: Wichert Akkerman <wakkerma@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded to debian-bugs-dist@lists.debian.org, Ian Jackson <ian@chiark.greenend.org.uk>
:
Bug#10452
; Package dpkg
.
(full text, mbox, link).
Acknowledgement sent to jdassen@wi.leidenuniv.nl (J.H.M.Dassen)
:
New bug report received and forwarded. Copy sent to Ian Jackson <ian@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: dpkg Version: - This is not a bug; it is a feature request. Like RPM, Debian's distribution system uses PGP signatures heavily. Unlike RPM, PGP signatures are not currently built into the package format, which would be quite useful (see Ted's article included below). Is it possible to build in PGP signatures? (preferably as a separate file in the ar archive, for backwards compatibility) Greetings, Ray Path: news.wi.leidenuniv.nl!highway.leidenuniv.nl!surfnet.nl!howland.erols.net!b loom-beacon.mit.edu!senator-bedfellow.mit.edu!senator-bedfellow.mit.edu!not-for -mail From: "Theodore Y. Ts'o" <tytso@MIT.EDU> Newsgroups: comp.os.linux.development.system Subject: Re: [NO FLAMES!] Re: rpm vs. dpkg (was: Re: Future of Linux (a flame about RPM/GLINT)???) Date: 7 Jun 1997 15:44:53 -0400 Organization: The Internet Lines: 61 Sender: news@athena.mit.edu Distribution: world Message-ID: <5ncdnl$a2a@senator-bedfellow.MIT.EDU> Reply-To: tytso@MIT.EDU NNTP-Posting-Host: senator-bedfellow.mit.edu Xref: news.wi.leidenuniv.nl comp.os.linux.development.system:49989 From: wilcoxb@ucsu.Colorado.EDU (Zooko) Date: 7 Jun 1997 13:32:06 GMT * I went in to some details about _why_, I think, Debian is able to support more packages with (probably) equal effectiveness. (Namely that there are many more Debian maintainers, and Debian maintainers are more likely to have an.. um.. "personal" relationship with the software they support.) * I said that this observation kind of disturbs me, since I'm very much in favor of people getting paid for this kind of work. I'll make the following observations: 1) It's an open question whether "hundreds" of part-time volunteers are better than 6-8 highly focused, full-time developers. People who aren't familiar with Brooks Law should run, not walk, to the cloest bookstore and get a copy of "The Mythical Man-Mouth": Brooks's Law /prov./ "Adding manpower to a late software project makes it later" -- a result of the fact that the expected advantage from splitting work among N programmers is O(N) (that is, proportional to N), but the complexity and communications cost associated with coordinating and then merging their work is O(N^2) (that is, proportional to the square of N). The quote is from Fred Brooks, a manager of IBM's OS/360 project and author of "The Mythical Man-Month" (Addison-Wesley, 1975, ISBN 0-201-00650-2), an excellent early book on software engineering. The myth in question has been most tersely expressed as "Programmer time is fungible" and Brooks established conclusively that it is not. Hackers have never forgotten his advice; too often, management still does. See also creationism, second-system effect, optimism. (I'll note that some of the reports that I've gotten about internal Debian politics amongst the Debian developers would tend to bear Brooks law out.) 2) Some packages, such as my e2fsprogs package, are distributed natively as an RPM package. I chose this because it's the most convenient way for me to build and distribute source and binary packages. One feature which I very much like is the easy ability to embed PGP signatures to digitally sign both my source and binary packages, which can be easily verified by people who wish to make sure the package really was from me. Since it's built into the binary package format, you don't need to worry about a clumsy secondary .pgp file; it's out of the way for people who don't know about it, and convenient to verify for those people who like to be paranoid about where their software comes from (especially software which is run as root! :-) 3) As far as people (like myself) not getting paid for this kind of work, you get payback in all sorts of indirect ways --- from invitations to speak at conferences all over the world, to the joy that knowing that the work that you do is useful to a large number of people. - Ted
Severity set to `wishlist'.
Request was from Ian Jackson <ijackson@chiark.greenend.org.uk>
to control@bugs.debian.org
.
(full text, mbox, link).
Changed Bug title.
Request was from Ben Collins <bmc@marcus.seva.net>
to control@bugs.debian.org
.
(full text, mbox, link).
Merged 10452 37017.
Request was from Ben Collins <bmc@marcus.seva.net>
to control@bugs.debian.org
.
(full text, mbox, link).
Reply sent to Wichert Akkerman <wakkerma@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to jdassen@wi.leidenuniv.nl (J.H.M.Dassen)
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #16 received at 37017-close@bugs.debian.org (full text, mbox, reply):
We believe that the bug you reported is fixed in the latest version of dpkg, which has been installed in the Debian FTP archive: dpkg-doc_1.9.0_all.deb to pool/main/d/dpkg/dpkg-doc_1.9.0_all.deb dpkg-1.9.0.tar.gz byhand dpkg_1.9.0.dsc to pool/main/d/dpkg/dpkg_1.9.0.dsc dpkg-dev_1.9.0_all.deb to pool/main/d/dpkg/dpkg-dev_1.9.0_all.deb dpkg-1.9.0_i386.nondebbin.tar.gz byhand dpkg_1.9.0_i386.deb to pool/main/d/dpkg/dpkg_1.9.0_i386.deb dpkg_1.9.0.tar.gz to pool/main/d/dpkg/dpkg_1.9.0.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 37017@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Wichert Akkerman <wakkerma@debian.org> (supplier of updated dpkg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 26 Apr 2001 12:39:16 +0200 Source: dpkg Binary: dpkg-dev dpkg-doc dpkg Architecture: source all i386 Version: 1.9.0 Distribution: unstable Urgency: low Maintainer: Wichert Akkerman <wakkerma@debian.org> Changed-By: Wichert Akkerman <wakkerma@debian.org> Description: dpkg - Package maintenance system for Debian dpkg-dev - Package building tools for Debian dpkg-doc - Dpkg Internals Documentation Closes: 4784 4974 13961 15644 25317 25496 31620 37017 45511 60717 60717 65284 67528 67896 68783 72406 74372 74814 75139 75562 75796 80142 80529 80532 81358 81630 82419 82708 82723 83042 83083 83468 83752 83812 84328 84361 84449 84582 84625 84905 85035 85040 85080 85847 85977 86453 86658 86847 87238 87485 87505 87571 87572 87579 87581 87985 88015 88225 88987 89000 89409 90328 90516 90722 90982 92908 93559 93873 94474 95023 95088 Changes: dpkg (1.9.0) unstable; urgency=low . * Things should mostly work OpenBSD 2.8 as well now * Added a --status-pipe option. * Fixed several memleaks. * Profiled dpkg. * Reworked lib/parse.c:parsedb(). Instead of using getc(), then calling varbufaddc(), it now reads the entire file at once into a huge buffer, then moves pointers around, to do the parsing. This gave a speedup of 33% on a dual celeron 333, when reading status and available. * various other speedups. * Removed all --smallmem code, as smallmem and largemem now actually use about the same amount of memory, and largemem is faster. Both --largemem and --smallmem are now obselete options, and will print a warning if used. Closes: Bug#84905, #67528 * Initialize unitialized variables. This should solve several segfaults. Closes: Bug#25317(plus 9 others, thru the beauty of merges) * Found that when working with dependency cycles, and part of the cycle was a provide, the provider was not being considered, so the cycle could not be broken. Closes: Bug#87985(and 3 others) * Update German translation, Closes: Bug#80529,#80532,#87581 * Update French translation, Closes: Bug#65284,#85035,#87238 * Update Japanese translation, Closes: Bug#93873 * Updated all other translations (but no bugs filed) * Add Danish translation * Remove spurious '%s' in Polish translation, Closes: Bug#74814 * Add French manpages, courtesy of Philippe Batailler * Ingore vim swapfiles in dpkg-source, Closes: Bug#81630 * remove --import option from dpkg-statoverride, Closes: Bug#81358 * Replace nfmalloc implementation with obstack. Added obstack.[ch] to optlib, for non-GNU systems. * dpkg-divert only allows absolute filenames now. Closes: Bug#82419 * Handle diffs from non-existing files to existing files. Closes: Bug#82708, #90982. * Small fixes to the buildsystem. Closes: Bug#84361 * Fix dpkg-statoverride --update for things other then plain files. Closes: Bug#84449 * Fix race with source directory disappearing in dpkg-source. Closes: Bug#45511 * Fix manpage for dpkg-gencontrol. Closes: Bug#84625 * Add -n option for dpkg-gencontrol to specify a filename. Closes: Bug#75796 * Use POSIX glob instead of regexp in debian/rules. Closes: Bug#83042, #84582 * fix typo in usage message for dpkg-divert, Closes: Bug#85977 * Use full path for argv[0] when calling scripts. Closes: Bug#68783 * Add ia64 support to dpkg-architecture. * Minor script changes, Closes: Bug#87485 * Stop dpkg-genchanges from complaining about missing packages when doing a source-only build. Closes: Bug#87571,#15644,#25496 * Various dpkg-architecture cleanups. Closes: Bug#87505 * Modify dpkg-architecture to handle gcc versions containing letters. Closes: Bug#83083 * dpkg-buildpackage updates: Closes: Bug#87572,#85847 + make -C work properly + fix test for gpg secret keyring + improve source messages + skip signing pause when building unsigned packages + test for invalid signinterface. Closes: Bug#87579 + remove debsign support, it's useless and doesn't work + Use correct architecture when naming .changes file. Closes: Bug#88015 * Fix wording in dpkg-statoverride manpage for --add. Closes: Bug#85080 * Fix typo in start-stop-daemon manpage. Closes: Bug#88225 * Add dpkg-checkbuilddeps to check if build dependencies are satisfied and modify dpkg-buildpackage to call it if wanted. Closes: Bug#86453,#83812,#60717,#74372,#67896,#60717,#13961 * dpkg-parsechangelog can read a changelog from stdin now. Closes: Bug#80142 * Fix confusing wording for dpkg-buildpackage -uc option in manpage. Closes: Bug#83468 * dpkg-statoverride now exits with exitcode 1 if we do a --list but don't output anything. Closes: Bug#84328 * Remove Linux reference from all scripts, they should run fine on other OSes as well. * Mark last argument in dpkg-scanpackages usage info as optional. Closes: Bug#86658 * Fix cache in dpkg-scanpackages version comparison. Closes: Bug#90722 * Fix formatting error in dpkg-source.1. Closes: Bug#82723 * Change dpkg-gencontrol to fix comma-related syntax errors after processing substvars. Closes: Bug#92908 * Verify package signatures if debsig-verify is installed. Closes: Bug#37017 * Handle window resize in dselect main menu. Closes: Bug#93559 * Initialize all parts of the package record. This should fix several segfaults people have been seeing in dpkg. Closes: Bug#90328. * Apply patch from bug#86847, that escapes intl chars in filenames. Closes: Bug#83752, #85040, #86847, #89000. * Errors during dpkg -s(and other similiar commands) are now printed on stderr. Closes: Bug#88987. * Add a --retry option to start-stop-daemon. Closes: Bug#75139 * Fix regeps to extract Closes magic from a changelog so the # is really optional. Closes: Bug#94474 * Remove useless statement from dpkg-shlibdeps. Closes: Bug#90516 * Make the debian changelog parser identify itself with $progname. Closes: Bug#89409 * Give a syntax error when we get an unexpected PGP signature in control files. Closes: Bug#75562 * Change dpkg manpage to reflect that --force-statoveride is no enabled by default. Closes: Bug#95023 * Handle dangling symlinks, by ignoring error code 1 from find, when processing --recursive. Closes: Bug#4784 * dpkg -L, -S, -l, -s, and -p now return an error code if any package does not exist. Closes: Bug#4974, #72406 * dselect has a configuration file as well now * Get ENOENT value at runtime in dpkg-divert instead of hardcoding it. Closes: Bug# 31620 * Fix wrong ENOENT test in dpkg-divert. Closes: Bug#95088 * Add support for more SuperH variants (sh[34]{,eb}-linux-gnu) * Fix formating and a typo in the dpkg manpage * Document the dpkg.cfg configuration file in dpkg(8) Files: 2c6e367d8f9b51cf417ccfb35b858190 618 base required dpkg_1.9.0.dsc 5c2b99e664b04c744eb93f079b51aef5 1288818 base required dpkg_1.9.0.tar.gz 91767f85b979ebc86769149d8bb323cc 1018776 base required dpkg_1.9.0_i386.deb ea12da65ab5292cdb2b5d95d6b684dcc 1008856 byhand - dpkg-1.9.0_i386.nondebbin.tar.gz 7f3f84fc919a122d7c492a1712f0b081 99710 devel important dpkg-dev_1.9.0_all.deb 60bda539ece505c4eb2f7784be118571 10648 doc extra dpkg-doc_1.9.0_all.deb 5c2b99e664b04c744eb93f079b51aef5 1288818 byhand - dpkg-1.9.0.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjrobwYACgkQPLiSUC+jvC3kEgCfX2M/zG64KdWbAfJ2QMjdWi3y wq8An246QZUfICOMkw3TcI1zsNgSqnig =OR1+ -----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.