Debian: what precisely identifies a source package
MOESSBAUER, Felix
felix.moessbauer at siemens.com
Mon Oct 27 09:38:04 UTC 2025
> yes. This is tracked as this bug:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072205
>
> I have not yet heard an argument against somehow trying to make sure that
> packages should not have the property of being unique by their
> name/version/arch triplet. We just still lack the tooling to make sure that new
> packages do not violate this principle.
Thanks for the clarification. From that bug report, I derive that the
same also applies to the source packages (with name/version tuple).
Regarding checksums: I'm wondering if the uniqueness of
name/version/arch triplets just refers to the content of a package, or
also to the .dsc file with its signature. IOW: Should it be allowed to
re-sign a .dsc file without changing the version? Here, I'm also
considering the case that a package is copied from debian-security to
debian.
Maybe that could be documented as well, in case the decision is made.
>
> P.S.: Holger made me aware of this thread via IRC and I haven't seen any
> mention of above bug yet, so here it goes. :)
Thanks for forwarding. I was a bit unsure to which list to direct this
message, but apparently people red it :)
Felix
--
Siemens AG
Linux Expert Center
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany
More information about the rb-general
mailing list