[HTTPS-Everywhere] Creating a debian package for https everywhere

Fri Feb 11 13:53:51 PST 2011

Dear Peter,

On Feb 11 2011, Peter Eckersley wrote:
> Rogério,
> 
> Many thanks for working on this!

Thank you very much for your nice observations.

> Here are a few quick observations:
> 
> - https everywhere 0.9.9.development.4 does not exist yet, so it seems
>   problematic to package it ;).

Oh, sure. This is an artificiality on the Debian side of things.

In a pseudo-mathematics form, the idea is basically this: for any version
number m and any string n, the package manager treats the version number m~n
in a way that m~n < m, but m~n > (m-\epsilon), for any \epsilon > 0 and
m~n > m~n', for any n' lesser than n. 

Thus, 0.9.9.development.4~foo is greater than 0.9.9.development.3, than
0.9.9.development.3.0.1, than 0.9.9.development.3+hotfix, and so on, but
lesser than 0.9.9.development.4.

I hope that this is not too confusing. :) (The fact that we can put tildes
arbitrarily chained is also nice).

>   You could either package 0.9.9.development.3, using that .xpi file or
>   git tag, or pick a git-<timestamp> type version number if you want to
>   package the very latest thing that's in the master repository

Give the explanation above, what do you think would be a good policy, if I
want to generate both bleeding edge and "stabler" versions? The stabler
versions are very easy, though.

> - the install.rdf file still has the 0.9.9.development.3 version number,
>   which is an incorrect intermediate state from the git repository.  The
>   install.rdf version number should be the same as the package's version
>   number.

Oh, good catch.

> - I presume that these packages disable automatic updates?   If so, it might
>   be safest to package the stable releases rather than the development
>   releases, because once something goes out in a stable release of debian, it
>   can be around for a long, long time.

If you people don't mind it, I can try to make the deb packages as part of
the script that creates the xpi file or part of the makefile target, which
seems saner to me.

> - I was going to suggest that alternatively, you could pakcage the development
>   branch for debian-volatile.  However, it seems that debian-volatile is going
>   away.  Maybe it's okay to package the development branch if debian's
>   stable-updates mechanism will allow you to get fixes to rulesets out to
>   users in a timely manner.

Yes, two points here:

* For some software that I care about (read: HTTPS Everywhere and
  youtube-dl), I tend to upload things to the main repository in the very
  same day as they are released.

* I think that debian-volatile is indeed going away, but that Debian
  backports is, perhaps, filling its role:

  http://backports.debian.org/news/squeeze-backports_and_lenny-backports-sloppy_started/

Thanks for your feedback,

Rogério Brito.

-- 
Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFCAAAA
http://rb.doesntexist.org : Packages for LaTeX : algorithms.berlios.de
DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br