On Thu, Nov 21, 2002 at 10:34:57PM -0700, Ted Gould wrote:
> On Wed, 2002-11-20 at 15:42, Thomas Mondoshawan Tate wrote:
> > RPM used to be a cpio based archive (RPM v1-3, I believe) -- now it's gone
> > to a nearly proprietary format entirely. The only way to access and create
> > these packages is with the rpm tools and libraries RH created.
>
> proprietary --
>
> adj : protected by trademark or patent or copyright; made or produced or
> distributed by one having exclusive rights; "`Tylenol' is a proprietary
> drug of which `acetaminophen' is the generic form"
>
> I would hardly call a format that is documented, has an implementation
> that is GPL'd, has free documentation on the format on the web, and is
> used in several different distributions proprietary. The only thing
> you've argued is that it is a new format. And that doesn't even make it
> bad.

Excuse me -- I chose the wrong word. I should have used the word
"non-standard" or "non-conforming". The idea that I was _attempting_ to
convey was the fact that instead of using standard formats such as tar,
cpio, or ar, they have created an entirely new format that is not portable
across non-rpm systems without installing rpm utilities themselves, and
cannot be read/written to/from with standard *NIX tools. I'll remind myself
to choose my words more carefully to prevent such knee-jerk reactions later.

> > DEBs, on the other hand, are really nothing more than ar archives with two
> > files in them: control.tar.gz and data.tar.gz. The control tarball contains
> > the various shell scripts to be run for pre/post installation/removal, while
> > data.tar.gz contains the actual installation files.
>
> That is very interesting. I like the way that they used other formats.
> But: How do Debian files handle PGP signatures? Can they be embedded?
> What about subpackages?

Since I have limited experience building Debian packages, I'll refer you to
the Debian New Maintainers' Guide at
http://www.debian.org/doc/maint-guide/
-- it covers these questions and more. Additionally, on the subject of PGP,
I don't believe Debian uses PGP, but GnuPG instead.
I'm not 100% sure, but I believe for a long time (prior to the end of 2001 /
beginning of 2002) most Debian packages were not signed with a GPG key, and
this functionality has only just been hacked into the APT tools. der.hans
and Brian will probably know more about this than I.
--
Thomas "Mondoshawan" Tate
http://tank.dyndns.org:8080
mondoshawan@tank.dyndns.org
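
An added example, not part of the original message: the ar container layout described above is simple enough to parse with the Python standard library alone, which lets a reviewer list a package's members and see which maintainer scripts `control.tar.gz` carries before anything is installed. The sample archive, the `postinst` contents and all function names are constructed for illustration; real packages also carry a small `debian-binary` version member, included here.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    pos = 8
    while pos < len(blob):
        hdr = blob[pos:pos + 60]  # name16 mtime12 uid6 gid6 mode8 size10 magic2
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        name = hdr[:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58].decode("ascii"))
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        yield name, data
        pos += 60 + size + (size & 1)  # data is padded to an even offset

def control_files(deb_blob):
    """Names of regular files in control.tar.gz (the install/removal scripts)."""
    members = dict(ar_members(deb_blob))
    with tarfile.open(fileobj=io.BytesIO(members["control.tar.gz"]), mode="r:gz") as tar:
        return sorted(m.name for m in tar if m.isfile())

def _tgz(files):  # helper used only to build the constructed sample
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def _ar(members):  # helper used only to build the constructed sample
    out = AR_MAGIC
    for name, data in members:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(data))
        out += data + b"\n" * (len(data) & 1)
    return out

SAMPLE_DEB = _ar([(b"debian-binary", b"2.0\n"),  # constructed sample, not a real package
    (b"control.tar.gz", _tgz({"control": b"Package: demo\n", "postinst": b"#!/bin/sh\n"})),
    (b"data.tar.gz", _tgz({"usr/bin/demo": b"#!/bin/sh\n"}))])
if __name__ == "__main__":
    print([n for n, _ in ar_members(SAMPLE_DEB)], control_files(SAMPLE_DEB))
```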