Hello,

in 2020 there was a brief discussion on debian-devel@ about trimming
changelogs [1,2].

Now there is a working implementation of said functionality in `dh_installchangelogs` [3].

This implementation, combined with the evolution of the apt/dpkg
ecosystem that happened in the meantime, provides now all the benefits
of changelog trimming (less wasted space and bandwidth worldwide,
reduced processing time) without the downsides discussed at the time.

## In detail

* `dh_installchangelogs` is modified install in binary packages the
trimmed changelogs, i.e. changelogs that contain only entries more
recent than the release date of oldstable.

* The trimming is done automatically in compat >= 14.

* The `--no-trim` option allows package maintainers that want to ship
the whole changelog a way to do so.

* The full changelogs are preserved in the source packages and thus
available via `apt changelog` and similar mechanisms.

* The trimming process happens at build time and requires no
modification to the changelogs stored in the VCS repos, nor changes to
the packaging.

## Data on file size reduction

On a sample of ~13.000 packages, the median reduction in size of
gzip-9'ed changelogs is 56% (mean 50%).

Ancient packages or heavily developed packages gain a lot from trimming
the changelogs. Some examples (gzipped → trimmed+gzipped):

* debian-keyring: 664k → 47k (-92%)
* dpkg (essential): 223k → 22k (-90%)
* apt (essential): 156k → 14k (-90%)
* systemd: 110k → 23k (-78%)
* gcc-12: 189k → 18k (-90%)
* python3.9: 48k → 4k (-90%)
* e2fsprogs: 68k → 7k (-89%)

## Consensus

Does anybody have objective objections against activating automatic
changelog trimming in binary packages?

Regards,

[1] https://lists.debian.org/debian-devel/2020/03/msg00299.html
[2] https://bugs.debian.org/954313
[3] https://salsa.debian.org/debian/debhelper/-/merge_requests/80

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------ncr4G4MlyD0CYrbSuoZZvSff
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

DQpIaSBHaW9lbGUsDQoNCnRoYW5rcyBmb3Igd29ya2luZyBvbiB0aGlzIQ0KDQpBbSAxOC4w OC4yMiB1bSAyMToxOCBzY2hyaWViIEdpb2VsZSBCYXJhYnVjY2k6DQo+IA0KPiBIZWxsbywN Cj4gDQo+IGluIDIwMjAgdGhlcmUgd2FzIGEgYnJpZWYgZGlzY3Vzc2lvbiBvbiBkZWJpYW4t ZGV2ZWxAIGFib3V0IHRyaW1taW5nIA0KPiBjaGFuZ2Vsb2dzIFsxLDJdLg0KPiANCj4gTm93 IHRoZXJlIGlzIGEgd29ya2luZyBpbXBsZW1lbnRhdGlvbiBvZiBzYWlkIGZ1bmN0aW9uYWxp dHkgaW4gDQo+IGBkaF9pbnN0YWxsY2hhbmdlbG9nc2AgWzNdLg0KPiANCj4gVGhpcyBpbXBs ZW1lbnRhdGlvbiwgY29tYmluZWQgd2l0aCB0aGUgZXZvbHV0aW9uIG9mIHRoZSBhcHQvZHBr ZyANCj4gZWNvc3lzdGVtIHRoYXQgaGFwcGVuZWQgaW4gdGhlIG1lYW50aW1lLCBwcm92aWRl cyBub3cgYWxsIHRoZSBiZW5lZml0cyANCj4gb2YgY2hhbmdlbG9nIHRyaW1taW5nIChsZXNz IHdhc3RlZCBzcGFjZSBhbmQgYmFuZHdpZHRoIHdvcmxkd2lkZSwgDQo+IHJlZHVjZWQgcHJv Y2Vzc2luZyB0aW1lKSB3aXRob3V0IHRoZSBkb3duc2lkZXMgZGlzY3Vzc2VkIGF0IHRoZSB0 aW1lLg0KPiANCj4gIyMgSW4gZGV0YWlsDQo+IA0KPiAqIGBkaF9pbnN0YWxsY2hhbmdlbG9n c2AgaXMgbW9kaWZpZWQgaW5zdGFsbCBpbiBiaW5hcnkgcGFja2FnZXMgdGhlIA0KPiB0cmlt bWVkIGNoYW5nZWxvZ3MsIGkuZS4gY2hhbmdlbG9ncyB0aGF0IGNvbnRhaW4gb25seSBlbnRy aWVzIG1vcmUgDQo+IHJlY2VudCB0aGFuIHRoZSByZWxlYXNlIGRhdGUgb2Ygb2xkc3RhYmxl Lg0KPiANCj4gKiBUaGUgdHJpbW1pbmcgaXMgZG9uZSBhdXRvbWF0aWNhbGx5IGluIGNvbXBh dCA+PSAxNC4NCj4gDQoNCkkgdGhpbmsgd2Ugc2hvdWxkIGRvIHRoZSB0cmltbWluZyBieSBk ZWZhdWx0LCBzbyBJJ20gYWxsIGluIGZhdm91ciBvZiANCnlvdXIgcHJvcG9zYWwuIEhhdmlu ZyB0aGUgbGFzdCBjaGFuZ2Vsb2cgZW50cmllcyBkYXRpbmcgYmFjayB0byANCm9sZHN0YWJs ZSBzZWVlbXMgbGlrZSBhIHJlYXNvbmFibHkgY2hvc2VuIHRpbWUgZnJhbWUgYW5kIG9sZGVy IGNoYW5nZWxvZyANCmVudHJpZXMgY2FuIGJlIHF1ZXJpZWQgZWFzaWx5IGVub3VnaCB2aWEg ImFwdCBjaGFuZ2Vsb2ciLg0KSWYgeW91IG5lZWQgbW9yZSBkZXRhaWxzIGFib3V0IGEgc3Bl Y2lmaWMgcGFja2FnZSwgeW91IGFyZSBtb3N0IGxpa2VseSANCmJlc3Qgc2VydmVkIGFueXdh eSBieSBsb29raW5nIGF0IHRoZSBWQ1MuDQoNCg0KSSdkIGV2ZW4gZ28gYXMgZmFyIGFuZCBl bmFibGUgdGhlIHRyaW1taW5nIHVuY29uZGl0aW9uYWxseSBhbmQgbm90IHRpZSANCml0IHRv IGEgY29tcGF0IGJ1bXAuDQoNClJlZ2FyZHMsDQpNaWNoYWVsDQo=

--------------ncr4G4MlyD0CYrbSuoZZvSff--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmL+s14FAwAAAAAACgkQauHfDWCPItyr 5RAAivYTtAbbocXD9nwp8hX3+DM5GgYQ5JLik4CCzwV4hlurQD7hNiJmuZXZdspyRaYOyKoqNRQd qccd8QTLTylBAw6zqE75rU9Ut/+IiZih0jfWSp3cgoUC0ovA/YG4gBfcduRE+RvQ77Uv9uyLzuSH u2UIcy0CpY1kQcSNdbuAUsnS2xxKQ+nP1kmCRKaOcz4FGfFFVl9LkTKzExJmcrL8HJ4wAcL4COIL 2Ex7y6mROEw8dTFVl8F+J4hd+isibE24fFd1/R1++z1kBZsSx2KydH1mQhE/gxUPeQhxk0Q5UNCa S9QhKhgb9oPMSUhTxDodXgUvSZqxcYKdbqUkCadIjL1V3wxmNqicGy65Yeh7uuJp9muoM/Z7JohB 7qcIIQdSj63pF1g368Eiv27AwN4oVWQwWBb1Z7KBU+7E3ZU/FfT4drSQSAALELL34PTmegL+Uz4z e0vAxMdjuXlsvyyoP3+lOWUk4hGlvs4FucyoXo+n8pGUbFGXcnXzDwSY0kLdZByVqQlmsCUXHB0o 72tuuAeD5drYZwr0u0I/USvSbsNrUZgXZPLTgRLAuWyc7sATVPUDVqX0H3TjDYuY+ql0b8JVZqn8 IXtWK23ytgdPLHzT9bHnJC9W/wQfVSazMZXEhIKgXt1tjHHLGWr6hJWKzMKfrgDSEjCf/CyLOt4y ibA=
=Xeut
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi!

On Thu, 2022-08-18 at 21:18:35 +0200, Gioele Barabucci wrote:

in 2020 there was a brief discussion on debian-devel@ about trimming changelogs [1,2].

My objections from that time still stand:

<https://lists.debian.org/debian-devel/2020/03/msg00482.html>

I would also like to highlight David Kalnischkies reply:

<https://lists.debian.org/debian-devel/2020/03/msg00309.html>

Thanks,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2022-08-18 at 21:18 +0200, Gioele Barabucci wrote:

* The `--no-trim` option allows package maintainers that want to ship
the whole changelog a way to do so.

* The full changelogs are preserved in the source packages and thus available via `apt changelog` and similar mechanisms.

Does anybody have objective objections against activating automatic changelog trimming in binary packages?

Thank you for working on this.

My original concern about automatically trimming logs was about convenience
of debugging -- I sometimes need to search among the full history to see
what happened to the package of interest in the past, or to quickly figure
out what change has been made at what time.

Since `apt changelog` can still retrieval the full history, my concerns
are gone.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2022-08-18 at 21:18 +0200, Gioele Barabucci wrote:

Does anybody have objective objections against activating automatic changelog trimming in binary packages?

Before we consider enabling this by default, first we need a way for
`apt changelog` to download the full changelog rather than loading the changelog from /usr/share/doc in the currently installed package.

Otherwise people who want to look at the full changelog for the
currently installed version of the package will have no easy way to do
so. They will have to manually find it instead, which isn't exactly an
easy process if you do not know where the changelogs are stored online.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmL+4OIACgkQMRa6Xp/6 aaPjBQ//ZPYqLiVdD6X30gkUHL9L6TEA22W+JDLl6AfB3lA5hSOgOGGxRZdso4cl HRTcetFxE1i/fdmJ9lnA5YuzvCe0yHyblTiGhk/crW874pu4mzAKv3KtvYCiTl3h Ugns7W2f2CEqWeF9bwX1q9FCFF1FrFM5lLX3iaH6h4vm6kSoBg+9k6vCnXehKHvi +SEjNGiI4MvaELrVIxlNIQG559PY/3684Z1LI9YmBZgahq+JqRXqYD+khYajfUSQ SwlwTEzWOkD4PkE07qNtsGDw+YqzAmlenR4A0Qmxq6mNXLcv/5oemH2KMx7DLTez T6KVadX8kDAFF49SXd3sNnDtHkqzvqSOmz5+GR6iw/gGeBpTbb3g20xNjJEJ3FFM Mf5/QxPkK4izHcYSFG7Tfr20WQ1AdLy4CH99IIME9Kl191js66So3zKz5YJjWzn4 wb9n5rR0syRX1DtMC0DpIQaGbinPUVnAXrsFAH8yTPe85FbQQHMVdw/2PuYy4Wbo tme9yCPYt3/K5DmX/n/8ZImHXpLiQTYruMjvmDlC3xhmOr0aetPkCEBJEZ3bREAn VFUBKXR6ppGIt20x1ldBqMkQkzy644K1iwcY6ZkZuwDBJuIt5VcgI3k5zhmQZtwB fmD1guYkTKhpUop8gMj52IfX7GM0IXwhiFmwuRy7C7HxSh5ZOgQ=
=HrQz
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 19 Aug 2022 00:46:21 +0200, Guillem Jover wrote:

My objections from that time still stand:

<https://lists.debian.org/debian-devel/2020/03/msg00482.html>

I would also like to highlight David Kalnischkies reply:

<https://lists.debian.org/debian-devel/2020/03/msg00309.html>

Dear Guillem,

I believe all factual objections raised in those two email are well
handled by the proposed `dh_installchangelogs` MR.

Here are the factual objections in those emails, reordered and
reformatted for sake of readability:

Doing that trimming globally would also mean that this applies even
to packages that are for local or derived use where something like
«apt changelog» will in most cases not work.

Maintainers of packages _meant_ to be installed locally (i.e.,
distributed outside repos) can use `--no-trim`.

Packages distributed by Debian derivatives can (and should) set the `Changelogs` field in their Release files [1], or provide an appropriate `Acquire::Changelogs::URI::Origin::DISTRO` apt.conf.d snippet.

Assuming the repository supports it. I have yet to encounter a
third-party which does, so if Debian would trim e.g. in debhelper by
default some care might need to be applied so that this happens only
to packages which end up in Debians repositories… which could
complicate reproducibility as its clear for a buildd, but my local
sbuild…

Similar to the point above, if the third-party developers are

1) willingly distributing their packages via a repository that does not
set `Changelogs:` and
2) also really want to make the full changelogs available,

then they can pass `--no-trim` to `dh_installchangelogs`.

The explicit use of `--no-trim` will make the packages reproducible.

The benefit of treating all packages the same is that tools working
with changelogs can handle the grunt work: "apt{,-get} changelog pkg"
prefers the changelog on disk if available – except for repositories
which identify as "Ubuntu" for which it will always download the
online changelog for display.

(I read this as a comment _in favor_ of automatic trimming, but maybe
I'm just reading it through rose-tinted glasses.)

Once automatic changelog trimming is the default, then fixing `apt
changelog` is a matter of setting `Acquire::Changelogs::AlwaysOnline::Origin::Debian` to true in apt.conf.d/

A proposal I've been floating around from time to time has been to
instead make the changelog and copyright files deb/dpkg metadata
(which they really are anyway IMO).

That is indeed a good idea. And, by implementing it in addition to `dh_installchangelogs` auto-trimming, it will even further reduce the
amount of wasted space and bandwidth.

Regards,

[1]
https://salsa.debian.org/apt-team/apt/-/blob/main/doc/apt.conf.5.xml#L628

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------LSb8Kr1Mlh4fEgsEs9tzcc9A
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

DQpIaSBQYXVsDQoNCkFtIDE5LjA4LjIyIHVtIDAzOjAxIHNjaHJpZWIgUGF1bCBXaXNlOg0K PiBPbiBUaHUsIDIwMjItMDgtMTggYXQgMjE6MTggKzAyMDAsIEdpb2VsZSBCYXJhYnVjY2kg d3JvdGU6DQo+IA0KPj4gRG9lcyBhbnlib2R5IGhhdmUgb2JqZWN0aXZlIG9iamVjdGlvbnMg YWdhaW5zdCBhY3RpdmF0aW5nIGF1dG9tYXRpYw0KPj4gY2hhbmdlbG9nIHRyaW1taW5nIGlu IGJpbmFyeSBwYWNrYWdlcz8NCj4gDQo+IEJlZm9yZSB3ZSBjb25zaWRlciBlbmFibGluZyB0 aGlzIGJ5IGRlZmF1bHQsIGZpcnN0IHdlIG5lZWQgYSB3YXkgZm9yDQo+IGBhcHQgY2hhbmdl bG9nYCB0byBkb3dubG9hZCB0aGUgZnVsbCBjaGFuZ2Vsb2cgcmF0aGVyIHRoYW4gbG9hZGlu ZyB0aGUNCj4gY2hhbmdlbG9nIGZyb20gL3Vzci9zaGFyZS9kb2MgaW4gdGhlIGN1cnJlbnRs eSBpbnN0YWxsZWQgcGFja2FnZS4NCj4gDQo+IE90aGVyd2lzZSBwZW9wbGUgd2hvIHdhbnQg dG8gbG9vayBhdCB0aGUgZnVsbCBjaGFuZ2Vsb2cgZm9yIHRoZQ0KPiBjdXJyZW50bHkgaW5z dGFsbGVkIHZlcnNpb24gb2YgdGhlIHBhY2thZ2Ugd2lsbCBoYXZlIG5vIGVhc3kgd2F5IHRv IGRvDQo+IHNvLiBUaGV5IHdpbGwgaGF2ZSB0byBtYW51YWxseSBmaW5kIGl0IGluc3RlYWQs IHdoaWNoIGlzbid0IGV4YWN0bHkgYW4NCj4gZWFzeSBwcm9jZXNzIGlmIHlvdSBkbyBub3Qg a25vdyB3aGVyZSB0aGUgY2hhbmdlbG9ncyBhcmUgc3RvcmVkIG9ubGluZS4NCj4gDQoNCmFw dCBoYXMgdGhlIG5lY2Vzc2FyeSBpbmZyYXN0cnVjdHVyZSBhbHJlYWR5IGluIHBsYWNlIGFu ZCB3ZSBoYXZlIA0KaHR0cHM6Ly9tZXRhZGF0YS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcvY2hh bmdlbG9ncw0KDQpTbyBhbGwgb25lIG5lZWRzIHRvIGRvIGlzIHRvIHR1cm4gaXQgb24gdmlh DQoNCiMgY2F0IC9ldGMvYXB0L2FwdC5jb25mLmQvMDEtY2hhbmdlbG9ncw0KQWNxdWlyZTo6 Q2hhbmdlbG9nczo6QWx3YXlzT25saW5lICJ0cnVlIjsNCg0KSWYgd2UgdHVybiBvbiBjaGFu Z2Vsb2cgdHJpbW1pbmcgYnkgZGVmYXVsdCwgd2Ugc2hvdWxkIHByb2JhYmx5IGFsc28gDQp0 dXJuIG9uIGFwdCBkb3dubG9hZGluZyB0aGUgY2hhbmdlbG9ncyBieSBkZWZhdWx0Lg0KDQoN ClJlZ2FyZHMsDQpNaWNoYWVsDQo=

--------------LSb8Kr1Mlh4fEgsEs9tzcc9A--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmL/NoUFAwAAAAAACgkQauHfDWCPItzm pQ/+JemhGJ869xhY8CCM61MCh1t+6t4bkL5uGtGW0vEgM/tPs00iqYyfn1XP989Kj0/V5vI8NIsR rWrO0TeklNQX4X3HKbQC1LiagFThqGOUDUqU2BnAW0QzVwI7ofSTXSmTgtC71YL2G6gVaa7feVaj qC9CLjHSgD7fp+1QaU49Im9u07Q8yqTbWPcbsFkd9mRDffrUXDBPxamw3li6O9qpEwI8c+D43XA8 VpttEBQ7rSdKTBkPSmqUD5R/oUGLZ7vEvqXSn8fgRv32GmDqASSUvw4M18c5zCQZEJCAlAnBiBuo LmwgjTQrzCsNTRoaA4lSWT/5K8mWUGOZsuMGoH1pi8Nro7cfIFQriK5e51ZuOXDfFAwMqu0OjB2M OAPHAYs+y3epf9tTe9ZJ3V5BszpVBc5rJG+ZSzBDI193WWvvf3XIk310XmlvercQOaGeW3C3ugeg yqcDLlGXAHkty0S9Bjt1yHYXlJ4DZZ6vOxLkyXpOyyLum1CiJL3wn8Bsene/Cr7joC9ruFr8PrYT LO4jvqmxe2k48wwzmzdxiw93ofEeBl+2yU1Cuow4qpOMTpMT2T7KeOhuuy/ekwpyifS6G7E4F0vr DU0nf3pxIwmU8NCoKjw+wyYAqsLIIeYgakyc7GfVGaCz/xA1STxtV121sIj72cL1xKkw6r3fgdh6 2u4=
=sJur
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le vendredi 19 août 2022 à 09:04 +0200, Fabio Fantoni a écrit :

Il 19/08/2022 03:01, Paul Wise ha scritto:

On Thu, 2022-08-18 at 21:18 +0200, Gioele Barabucci wrote:

Does anybody have objective objections against activating
automatic
changelog trimming in binary packages?

Before we consider enabling this by default, first we need a way
for
`apt changelog` to download the full changelog rather than loading
the
changelog from /usr/share/doc in the currently installed package.

Otherwise people who want to look at the full changelog for the
currently installed version of the package will have no easy way to
do
so. They will have to manually find it instead, which isn't exactly
an
easy process if you do not know where the changelogs are stored
online.

Hi, I also used the changelog many times both in the packages I
maintain
and in the one I only use, in some cases a very old changelog entries
was needed.

As long as "apt-get source" gives the whole d/changelog as well as
d/rules, d/control and everything, I think this objection is out.

Why put rarely-used information in each and every installation of our
_users_?

Cheers,

J.Puydt

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

To: debian-devel@lists.debian.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------tM4OzVPGesODs0TnrX5jULpg
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SWwgMTkvMDgvMjAyMiAwMzowMSwgUGF1bCBXaXNlIGhhIHNjcml0dG86DQo+IE9uIFRodSwg MjAyMi0wOC0xOCBhdCAyMToxOCArMDIwMCwgR2lvZWxlIEJhcmFidWNjaSB3cm90ZToNCj4N Cj4+IERvZXMgYW55Ym9keSBoYXZlIG9iamVjdGl2ZSBvYmplY3Rpb25zIGFnYWluc3QgYWN0 aXZhdGluZyBhdXRvbWF0aWMNCj4+IGNoYW5nZWxvZyB0cmltbWluZyBpbiBiaW5hcnkgcGFj a2FnZXM/DQo+IEJlZm9yZSB3ZSBjb25zaWRlciBlbmFibGluZyB0aGlzIGJ5IGRlZmF1bHQs IGZpcnN0IHdlIG5lZWQgYSB3YXkgZm9yDQo+IGBhcHQgY2hhbmdlbG9nYCB0byBkb3dubG9h ZCB0aGUgZnVsbCBjaGFuZ2Vsb2cgcmF0aGVyIHRoYW4gbG9hZGluZyB0aGUNCj4gY2hhbmdl bG9nIGZyb20gL3Vzci9zaGFyZS9kb2MgaW4gdGhlIGN1cnJlbnRseSBpbnN0YWxsZWQgcGFj a2FnZS4NCj4NCj4gT3RoZXJ3aXNlIHBlb3BsZSB3aG8gd2FudCB0byBsb29rIGF0IHRoZSBm dWxsIGNoYW5nZWxvZyBmb3IgdGhlDQo+IGN1cnJlbnRseSBpbnN0YWxsZWQgdmVyc2lvbiBv ZiB0aGUgcGFja2FnZSB3aWxsIGhhdmUgbm8gZWFzeSB3YXkgdG8gZG8NCj4gc28uIFRoZXkg d2lsbCBoYXZlIHRvIG1hbnVhbGx5IGZpbmQgaXQgaW5zdGVhZCwgd2hpY2ggaXNuJ3QgZXhh Y3RseSBhbg0KPiBlYXN5IHByb2Nlc3MgaWYgeW91IGRvIG5vdCBrbm93IHdoZXJlIHRoZSBj aGFuZ2Vsb2dzIGFyZSBzdG9yZWQgb25saW5lLg0KPg0KSGksIEkgYWxzbyB1c2VkIHRoZSBj aGFuZ2Vsb2cgbWFueSB0aW1lcyBib3RoIGluIHRoZSBwYWNrYWdlcyBJIG1haW50YWluIA0K YW5kIGluIHRoZSBvbmUgSSBvbmx5IHVzZSwgaW4gc29tZSBjYXNlcyBhIHZlcnkgb2xkIGNo YW5nZWxvZyBlbnRyaWVzIA0Kd2FzIG5lZWRlZC4NCg0KSSBhbHNvIHRoaW5rIGEgc2ltcGx5 LCBmYXN0IGFuZCBrbm93IHdheSB0byBsb29rIHRoYXQgZnVsbCBjaGFuZ2Vsb2cgaXMgDQpu ZWVkZWQuDQoNCkkgYWxzbyB1c2UgbWFueSB0aW1lcyB0aGUgY2hhbmdlbG9nIHZpZXcgb24g cGFja2FnZXMuZGViaWFuLm9yZywgaXQgc2hvdyANCnRoZSBmdWxsIGNoYW5nZWxvZyBmcm9t IHNvdXJjZSBhbmQgd2lsbCBzdGlsbCBzaG93IHRoZSBmdWxsIGNoYW5nZWxvZz8NCg0K

--------------tM4OzVPGesODs0TnrX5jULpg--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmL/NhEFAwAAAAAACgkQaAZorpB/EB1Z /g/+M/UrgV7HsWgccNskOCQr0eLe36sCsnNBv1zXLEbUZTc1LWB+doGSOU1Tv0HXPz6A8pIv5PA4 KzcxRhD6FrOSEveEm1Eq/HeIzlnM3sTOXzvgHjk+dISc4OINUABbXGRPbC8BCs2QdOKqpaxNeg0C vXjDMRVWelTVJiomz5e2tZjpZXoou4lzQt9hCCpVeZ9AwjaaEW+YNoHf5IvMAZxKxAtizK7M4NfY VEEfNwh6oRiJGo0QkmC1JbKAm1Ue7TkjcK00xlDGsRrvLw4fUjWvXykETI0ALLbvvUwC4J29sXDa QU8PMmgH0GgMHgoyYIsdjpLVkoNS8NM0q4vZENsOYtUDm7kPr8lzx8QclAwosjtFf7tmAfIRHyAB Go2eaIiNCMk0Eb6rXuw89oUmDtcjnUXYVB3mGR1452E7WuMMb6WicCdoFGe3vDFPKVDn8HdncJnV U81HJWMj3e8XIf3MNsYdXsJITyImfaCVJG9SxLQcSLVaJpYFPYFLji5LYy2lT5aKPHLLAJqcH+uu Z5N30qqp5xepXzs5tjK55GdZ7ehtnSHsoGXp0OlASoBf8oPYnk835hHymADese7bKu1nX72gyy+f 5iCDz5Nz+dsqgwxr+1AZAL5mTrtzf4iCklZTgdYnGDwQQCbFmUz0KmOEMAAxb/ImICzADRGcIKVd WYg=
=jpd4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------KmKmxhxjWv3Q9JDvnSZCUhDe
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

QW0gMTkuMDguMjIgdW0gMDk6MDQgc2NocmllYiBGYWJpbyBGYW50b25pOg0KPiANCj4gSSBh bHNvIHVzZSBtYW55IHRpbWVzIHRoZSBjaGFuZ2Vsb2cgdmlldyBvbiBwYWNrYWdlcy5kZWJp YW4ub3JnLCBpdCBzaG93IA0KPiB0aGUgZnVsbCBjaGFuZ2Vsb2cgZnJvbSBzb3VyY2UgYW5k IHdpbGwgc3RpbGwgc2hvdyB0aGUgZnVsbCBjaGFuZ2Vsb2c/DQo+IA0KDQpDb3JyZWN0LiBU aGUgY2hhbmdlbG9ncyBsaW5rZWQgZnJvbSBwYWNrYWdlcy5kZWJpYW4ub3JnIGFyZSBmcm9t IA0KaHR0cHM6Ly9tZXRhZGF0YS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcgc28gd2lsbCBhbHdh eXMgc2hvdyB0aGUgY29tcGxldGUgDQpjaGFuZ2Vsb2cgZmlsZSBhcyBzaGlwcGVkIGluIHRo ZSBzb3VyY2UgcGFja2FnZS4NCg0KDQoNCg==

--------------KmKmxhxjWv3Q9JDvnSZCUhDe--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmL/QDEFAwAAAAAACgkQauHfDWCPItxZ Tw/+MJU+MmfcNsB7JQJh9/IyykiikhaEjV2hGVOB0IBY21YkxQox5VPDcJHeSYap7PPVkTTZJDrG EjMgsUktROoPTBjIbfx4NgfUpzRfoBxOJZ37NcCdMNdC2UwVpVo60aYI/ZIltONr/adgBN7qtNyA 7SMfCAPopL4tJgTOpAY5S+Mp1ZJB+LQs9MWZxaagH+IUGE9D9U5zoMQGbycJOPg2L4Ow4f++zTyK LjYLKDeUv8wbzJkOUoWx8Swcd1Oj3XDxUYYh8NSvS2tjBJDoUl9BiaDEJyWhNz8tHK9/AEfR2PJA aqQIgSs6RTjy08+AYwMrtI7EVMhrcgL3KC3KcFjJmG0z1yun7fD9tpRt+ysLrMOOxi4Fd/AaGq5o I1/EzZv5B7GyXtlOCbT0VMMV7arfdsstYXRWsHdJsbTMHrnSWOM+w0EHumkRAGp502CfRk/GdGos MgatmjgFh3Lo7Cvuu9mQmHpcBJsawEVQZuaw0EXoPuTN35m10GuJMO84rtQpIOZ9upnxAs7t/USG gb56B5v3088YUWvm4niRLI3Ne+/uv9JNFMExvZKV7eti8lqtuJoIlSbSgUHDgSmX8KXhzzvtLnFj KBj6z1BhsaLR+UxO06BumjxSbLEGqs76jDm7/amURKD2S35hiCyDlQGqfPlxKAaH9/Q4dEvyJIe8 eV4=
=99CA
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

To: pabs@debian.org (Paul Wise)
To: debian-devel@lists.debian.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------0GUh7LVcdJYSp6oAp0wb6f6U
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SWwgMTkvMDgvMjAyMiAwOTo0MywganVsaWVuLnB1eWR0QGdtYWlsLmNvbSBoYSBzY3JpdHRv Og0KPiBMZSB2ZW5kcmVkaSAxOSBhb8O7dCAyMDIyIMOgIDA5OjA0ICswMjAwLCBGYWJpbyBG YW50b25pIGEgw6ljcml0wqA6DQo+PiBJbCAxOS8wOC8yMDIyIDAzOjAxLCBQYXVsIFdpc2Ug aGEgc2NyaXR0bzoNCj4+PiBPbiBUaHUsIDIwMjItMDgtMTggYXQgMjE6MTggKzAyMDAsIEdp b2VsZSBCYXJhYnVjY2kgd3JvdGU6DQo+Pj4NCj4+Pj4gRG9lcyBhbnlib2R5IGhhdmUgb2Jq ZWN0aXZlIG9iamVjdGlvbnMgYWdhaW5zdCBhY3RpdmF0aW5nDQo+Pj4+IGF1dG9tYXRpYw0K Pj4+PiBjaGFuZ2Vsb2cgdHJpbW1pbmcgaW4gYmluYXJ5IHBhY2thZ2VzPw0KPj4+IEJlZm9y ZSB3ZSBjb25zaWRlciBlbmFibGluZyB0aGlzIGJ5IGRlZmF1bHQsIGZpcnN0IHdlIG5lZWQg YSB3YXkNCj4+PiBmb3INCj4+PiBgYXB0IGNoYW5nZWxvZ2AgdG8gZG93bmxvYWQgdGhlIGZ1 bGwgY2hhbmdlbG9nIHJhdGhlciB0aGFuIGxvYWRpbmcNCj4+PiB0aGUNCj4+PiBjaGFuZ2Vs b2cgZnJvbSAvdXNyL3NoYXJlL2RvYyBpbiB0aGUgY3VycmVudGx5IGluc3RhbGxlZCBwYWNr YWdlLg0KPj4+DQo+Pj4gT3RoZXJ3aXNlIHBlb3BsZSB3aG8gd2FudCB0byBsb29rIGF0IHRo ZSBmdWxsIGNoYW5nZWxvZyBmb3IgdGhlDQo+Pj4gY3VycmVudGx5IGluc3RhbGxlZCB2ZXJz aW9uIG9mIHRoZSBwYWNrYWdlIHdpbGwgaGF2ZSBubyBlYXN5IHdheSB0bw0KPj4+IGRvDQo+ Pj4gc28uIFRoZXkgd2lsbCBoYXZlIHRvIG1hbnVhbGx5IGZpbmQgaXQgaW5zdGVhZCwgd2hp Y2ggaXNuJ3QgZXhhY3RseQ0KPj4+IGFuDQo+Pj4gZWFzeSBwcm9jZXNzIGlmIHlvdSBkbyBu b3Qga25vdyB3aGVyZSB0aGUgY2hhbmdlbG9ncyBhcmUgc3RvcmVkDQo+Pj4gb25saW5lLg0K Pj4+DQo+PiBIaSwgSSBhbHNvIHVzZWQgdGhlIGNoYW5nZWxvZyBtYW55IHRpbWVzIGJvdGgg aW4gdGhlIHBhY2thZ2VzIEkNCj4+IG1haW50YWluDQo+PiBhbmQgaW4gdGhlIG9uZSBJIG9u bHkgdXNlLCBpbiBzb21lIGNhc2VzIGEgdmVyeSBvbGQgY2hhbmdlbG9nIGVudHJpZXMNCj4+ IHdhcyBuZWVkZWQuDQo+IEFzIGxvbmcgYXMgImFwdC1nZXQgc291cmNlIiBnaXZlcyB0aGUg d2hvbGUgZC9jaGFuZ2Vsb2cgYXMgd2VsbCBhcw0KPiBkL3J1bGVzLCBkL2NvbnRyb2wgYW5k IGV2ZXJ5dGhpbmcsIEkgdGhpbmsgdGhpcyBvYmplY3Rpb24gaXMgb3V0Lg0KPg0KPiBXaHkg cHV0IHJhcmVseS11c2VkIGluZm9ybWF0aW9uIGluIGVhY2ggYW5kIGV2ZXJ5IGluc3RhbGxh dGlvbiBvZiBvdXINCj4gX3VzZXJzXz8NCg0KVGhhbmtzIGZvciByZXBseSwgSSBhbHNvIHRo aW5rIHRoYXQgdHJpbW1pbmcgY2hhbmdlbG9nIGluIGJpbmFyaWVzIGlzIA0KdXNlZnVsIHRv IHNhdmUgZGlzayBzcGFjZSBhbmQgYSBsaXR0bGUgYml0IG9mIGJhbmR3aWR0aC90aW1lICh3 aGVuIA0KZG93bmxvYWRpbmcgdGhhbmtzIHRvIHNtYWxsZXIgcGFja2FnZXMpDQoNCldoYXQg SSBtZWFuIHdhcyBvbmx5IGhhdmUgYSBmYXN0L2Vhc3kva25vdyB0byB2aWV3IHRoZSBmdWxs IGNoYW5nZWxvZyANCmJlZm9yZSBtYWtlIHRyaW1taW5nIHRoZSBkZWZhdWx0Lg0KDQpBYm91 dCAiYXB0LWdldCBzb3VyY2UiIG5lZWQgYWRkIG9mIGRlYi1zcmMgaW4gc291cmNlLmxpc3Qs IGRvd25sb2FkIHRoZSANCmZ1bGwgc291cmNlIG9mIHRoZSBwYWNrYWdlIGFuZCBzb21lIG9w ZXJhdGlvbnMgc28gaXMgbm90IG9wdGltYWwsICJhcHQgDQpjaGFuZ2Vsb2ciIHRoYXQgZG93 bmxvYWQgYW5kIHZpZXcgdGhlIGZ1bGwgY2hhbmdlbG9nIGJ5IGRlZmF1bHQgYXMgSSBzYXcg DQppbiBwcmV2aW91cyByZXBsaWVzIHNlZW1zIGEgZ29vZCBzb2x1dGlvbg0KDQo+DQo+IENo ZWVycywNCj4NCj4gSi5QdXlkdA0KPg0KDQo=

--------------0GUh7LVcdJYSp6oAp0wb6f6U--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmL/RygFAwAAAAAACgkQaAZorpB/EB2G dQ//cKHI/VOArOB7BHZDgkv3ut2Ne4nUlQgxIIExEriBYc8HaZ5j51B2eSdvHIrlSw3Ty2TY83Vh 6kp7J6w+hh79gqOxW9hFyzBsUFNOwP0RqTAiVJyRPHf8aNIT15ZoMp+Mvo8DRLU0BdG1v5qnOG5E EXFlrWUkaAplze6U4B/0iQ7+K65k2mmxtqxfEwHy79dne1dLRCSNh5Qck67ZRhKimsPYLmzv+xAs VjMsZ3QdDNNS7eFT8ZEedT7R9+F2O+51juyjEVCPKCXN7M4OlS3SjILMmXvq7hhoozN+QCSgPs90 3ulIT9K5bTslLB6JGcAD8LM7ugrHiRxPTl7LIU18iJWkgWoPBjmOLWKFMXHxNylVM9uXxitBuJJC 9bO7j1OSKUa3lgo/n8bUYeDuW9r7tnTf+1n9k95Hm/xbTiJeu3pDoyneliuPjtv22sTRfSLpkpx9 Nqs2JxyJZztHt+AvIa1Z5p2d/XOLECUpNWG5cz0A6ae3Kj1cKBTFvIBERL0aGzlsuaNnzqhB3OuX DC6iki/v1LSJ8WcasimAy3FAa4wg5GkV2lLBlfiu1D4PKpFzXOWYmNnRtMZr/T6kBK9Fv1txAKR5 iXthy8lZqUiVYSv2nPCKnVy8cIqqHee1F8RCcMQNZvVGCe36+Wg0sx5TqWCS3WoWSDrvDHHs49M2 WVg=
=yYDx
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise <pabs@debian.org> writes:

On Thu, 2022-08-18 at 21:18 +0200, Gioele Barabucci wrote:

Does anybody have objective objections against activating automatic
changelog trimming in binary packages?

Before we consider enabling this by default, first we need a way for
`apt changelog` to download the full changelog rather than loading the changelog from /usr/share/doc in the currently installed package.

Otherwise people who want to look at the full changelog for the
currently installed version of the package will have no easy way to do
so. They will have to manually find it instead, which isn't exactly an
easy process if you do not know where the changelogs are stored online.

How about making the end of the trimmed file be a standard footer
including a hint about how one can get hold of the rest of the
changelog, and then have `apt changelog` look out for that footer in the
local copies in order to know that they've been trimmed, and that it
should therefore try to download the full version.

Cheers, Phil.

P.S. BTW the change Guillem suggests seems like a good idea anyway:
treating changelogs as control files.

debootstrap being able to exclude paths during installs (#811269)
is also a good idea (as mentioned in the second thread Guillem
referenced.) -- I'll see if I can nudge that towards fruition.
--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmL/S1EACgkQ0EujoAEl 1cC+TA//SOuXVPbEx7YfF5C+TgqsqTt0GabITxhWH+mcZY3Z2ueT6C09Of4bFzXH B8kEry8sCG4yVcBcr7C55cJafJzHPuxi3/+zMQbSbZKahHceVI2r2uxDCs0NjZcR FYJLFJt8Y4Bhqyny7/Km3BDfPuoP0MmCOlxS/chMR+YPb0BkIi9Asqm0F2fuB5Wf JOeeesPBeErb8MO2JYh8yw7CQpwAK0mi3RoIw71kDC9oJWFiiTQuJ1Ekzq63p0wM slh9LUjXwGOPNHZGc2GMuxMuP2RSajcK0aXqF1ILGETbqKGGU9FpUpgKxbM4bldh 0oMTfPCYc/zurtq/sLHMdJ9aQD4M2K6qUo+/mCETXBEnAa0sU+xvrwbsSxlipazp NEYly5WgVdoDiN11AiEibg9cLR6JFI/tqY2rqjtsPPjI0ffUNoqxnbTqBXmY6MCC /SUV+6E1y04t7AWk+VHjU8jeu9p/pbUeTxOxuYZ7PB/i6Z3Zu0w3586GmJT2P+Gs 0D+f+GM36L3FPfKkw8yWC8G4YZVcN+r2Xu/uKBHnyOKTAtDOZ6Je8W+mW5vFpN5e MO3V/BNUHIZvOR1iyGE/DQOFNtc4AnsWaZq42gj7Dwzgp0/ATu6z2QOOViclBT9m +XC0hYn6tszPogD

On Fri, 2022-08-19 at 10:35 +0200, Philip Hands wrote:

P.S. BTW the change Guillem suggests seems like a good idea anyway:        treating changelogs as control files.

I'm interested: why?

What makes Debian's changelog different from other documentation such
as the upstream changelog, release notes, man pages, ...?

Most things proposed (deduplication, "dpkg --show-changelog" command,
even faster extraction, etc.) can also be implemented with the existing
way of installing them as regular files; the binNMU problem was also
solved 10 years or so ago.

There are however many downsides to special treatment of changelog:

- Upstream and Debian changelog are suddenly in totally different
places. Same for release notes (NEWS.Debian, NEWS). Unless one
makes all of them special data ("dpkg --show-upstream-changelog",
"dpkg --show-upstream-news", ...?).
- It's harder to discover a Debian-specific command than regular 
files. And you already might want to look in /usr/share/doc for
other documentation anyway.
- Having to spawn an external command ("dpkg --show-changelog") just
to access a file is more complicated.

Ansgar

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 19/08/22 10:35, Philip Hands wrote:

How about making the end of the trimmed file be a standard footer
including a hint about how one can get hold of the rest of the
changelog, and then have `apt changelog` look out for that footer in the local copies in order to know that they've been trimmed, and that it
should therefore try to download the full version.

This two-line footer is added to the trimmed changelogs:

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog foobar`.

Regards,

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------j841EtU0LXXyAkaCtMhL8PJ2
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

QW0gMTkuMDguMjIgdW0gMTA6MzUgc2NocmllYiBQaGlsaXAgSGFuZHM6DQo+IFBhdWwgV2lz ZSA8cGFic0BkZWJpYW4ub3JnPiB3cml0ZXM6DQo+IA0KPj4gT24gVGh1LCAyMDIyLTA4LTE4 IGF0IDIxOjE4ICswMjAwLCBHaW9lbGUgQmFyYWJ1Y2NpIHdyb3RlOg0KPj4NCj4+PiBEb2Vz IGFueWJvZHkgaGF2ZSBvYmplY3RpdmUgb2JqZWN0aW9ucyBhZ2FpbnN0IGFjdGl2YXRpbmcg YXV0b21hdGljDQo+Pj4gY2hhbmdlbG9nIHRyaW1taW5nIGluIGJpbmFyeSBwYWNrYWdlcz8N Cj4+DQo+PiBCZWZvcmUgd2UgY29uc2lkZXIgZW5hYmxpbmcgdGhpcyBieSBkZWZhdWx0LCBm aXJzdCB3ZSBuZWVkIGEgd2F5IGZvcg0KPj4gYGFwdCBjaGFuZ2Vsb2dgIHRvIGRvd25sb2Fk IHRoZSBmdWxsIGNoYW5nZWxvZyByYXRoZXIgdGhhbiBsb2FkaW5nIHRoZQ0KPj4gY2hhbmdl bG9nIGZyb20gL3Vzci9zaGFyZS9kb2MgaW4gdGhlIGN1cnJlbnRseSBpbnN0YWxsZWQgcGFj a2FnZS4NCj4+DQo+PiBPdGhlcndpc2UgcGVvcGxlIHdobyB3YW50IHRvIGxvb2sgYXQgdGhl IGZ1bGwgY2hhbmdlbG9nIGZvciB0aGUNCj4+IGN1cnJlbnRseSBpbnN0YWxsZWQgdmVyc2lv biBvZiB0aGUgcGFja2FnZSB3aWxsIGhhdmUgbm8gZWFzeSB3YXkgdG8gZG8NCj4+IHNvLiBU aGV5IHdpbGwgaGF2ZSB0byBtYW51YWxseSBmaW5kIGl0IGluc3RlYWQsIHdoaWNoIGlzbid0 IGV4YWN0bHkgYW4NCj4+IGVhc3kgcHJvY2VzcyBpZiB5b3UgZG8gbm90IGtub3cgd2hlcmUg dGhlIGNoYW5nZWxvZ3MgYXJlIHN0b3JlZCBvbmxpbmUuDQo+IA0KPiBIb3cgYWJvdXQgbWFr aW5nIHRoZSBlbmQgb2YgdGhlIHRyaW1tZWQgZmlsZSBiZSBhIHN0YW5kYXJkIGZvb3Rlcg0K PiBpbmNsdWRpbmcgYSBoaW50IGFib3V0IGhvdyBvbmUgY2FuIGdldCBob2xkIG9mIHRoZSBy ZXN0IG9mIHRoZQ0KPiBjaGFuZ2Vsb2csIGFuZCB0aGVuIGhhdmUgYGFwdCBjaGFuZ2Vsb2dg IGxvb2sgb3V0IGZvciB0aGF0IGZvb3RlciBpbiB0aGUNCj4gbG9jYWwgY29waWVzIGluIG9y ZGVyIHRvIGtub3cgdGhhdCB0aGV5J3ZlIGJlZW4gdHJpbW1lZCwgYW5kIHRoYXQgaXQNCj4g c2hvdWxkIHRoZXJlZm9yZSB0cnkgdG8gZG93bmxvYWQgdGhlIGZ1bGwgdmVyc2lvbi4NCg0K SWYgd2UgZW5hYmxlIHRyaW1taW5nIGJ5IGRlZmF1bHQgKGZvciBhbGwgcGFja2FnZXMpLCB0 aGVuIGFwdCBjYW4ganVzdCANCmdvIGRpcmVjdGx5IHRvIHF1ZXJ5IHRoZSBjaGFuZ2Vsb2cg b25saW5lLg0KV2hhdCB3b3VsZCBiZSB0aGUgYmVuZWZpdCBmb3IgImFwdCBjaGFuZ2Vsb2ci IHRvIGxvb2sgZm9yIHN1Y2ggYSBmb290ZXI/DQoNCg==

--------------j841EtU0LXXyAkaCtMhL8PJ2--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmL/UjYFAwAAAAAACgkQauHfDWCPItwh nQ/5AaPkgv6NTGP/Q11XlyOoxwbJhRNtAxQX1wk/DB+t1dpV2eOUGi93lefc9lOFa1pGMlQw8lOl plfX82o8LZasH2iB0aw92kOB+NQDVqxayvVW0ICIDVid91CdL6i0tXmzLkC7fm1l+Xdofuvj+Tyl 61wpQSMeFRv5fEfnp6VXPIlNw64AqTe3/zQj0pXS1sFwoey+D+TKusB8veaPpkUsD+SCN9O7IjjG 2Cf3LC/BFZQJSLCe1XcSSuHBqVlzLlO6U7bkwl9s4sv0VwUW60mA3stprCGweDiz0zGWR0Xy24Nh 5ObeXFZkrQHDuqucDBeYTHPhRfOJleZFhuPoFEH4nH64C7c1Z/GjiOtyNnxe7NrEt9KTDPebpsvA XP1JvdZNtHvTm1Mvcnos6dnk651w0534Q9MyvAT1elbWcnPHfacv8/KEyBwUDlV/fsTmWq8cEUHv r0XyMauvhDfmky8FJ9sVAmNdkzXqzUfMM0uQ29fIn8RLccqXrFqoWpVHbbF4QUeujViqoLeIh8uw BJuS2KGlFL6cy++bBK2phQOvPcoW0qZ4xlUFK8/+fkpaBBnkfsPActCX3P8em51l6t0oS1vjWLRY a30LFRfQfsQfrhUBmdmOs/Z5odn4PPDq2e/MHeUQ7edDqvaEtFGAIUxATEkfDA230ruF9dYTUO5F TmQ=
=Bw7m
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------6CmQbvJXrZRa4XFHpSK27eHU
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

DQpBbSAxOS4wOC4yMiB1bSAxMDo0MiBzY2hyaWViIEFuc2dhcjoNCj4gT24gRnJpLCAyMDIy LTA4LTE5IGF0IDEwOjM1ICswMjAwLCBQaGlsaXAgSGFuZHMgd3JvdGU6DQo+PiBQLlMuIEJU VyB0aGUgY2hhbmdlIEd1aWxsZW0gc3VnZ2VzdHMgc2VlbXMgbGlrZSBhIGdvb2QgaWRlYSBh bnl3YXk6DQo+PiAgwqDCoMKgwqDCoMKgIHRyZWF0aW5nIGNoYW5nZWxvZ3MgYXMgY29udHJv bCBmaWxlcy4NCj4gDQo+IEknbSBpbnRlcmVzdGVkOiB3aHk/DQo+IA0KPiBXaGF0IG1ha2Vz IERlYmlhbidzIGNoYW5nZWxvZyBkaWZmZXJlbnQgZnJvbSBvdGhlciBkb2N1bWVudGF0aW9u IHN1Y2gNCj4gYXMgdGhlIHVwc3RyZWFtIGNoYW5nZWxvZywgcmVsZWFzZSBub3RlcywgbWFu IHBhZ2VzLCAuLi4/DQo+IA0KPiBNb3N0IHRoaW5ncyBwcm9wb3NlZCAoZGVkdXBsaWNhdGlv biwgImRwa2cgLS1zaG93LWNoYW5nZWxvZyIgY29tbWFuZCwNCj4gZXZlbiBmYXN0ZXIgZXh0 cmFjdGlvbiwgZXRjLikgY2FuIGFsc28gYmUgaW1wbGVtZW50ZWQgd2l0aCB0aGUgZXhpc3Rp bmcNCj4gd2F5IG9mIGluc3RhbGxpbmcgdGhlbSBhcyByZWd1bGFyIGZpbGVzOyB0aGUgYmlu Tk1VIHByb2JsZW0gd2FzIGFsc28NCj4gc29sdmVkIDEwIHllYXJzIG9yIHNvIGFnby4NCj4g DQo+IFRoZXJlIGFyZSBob3dldmVyIG1hbnkgZG93bnNpZGVzIHRvIHNwZWNpYWwgdHJlYXRt ZW50IG9mIGNoYW5nZWxvZzoNCj4gDQo+ICAgLSBVcHN0cmVhbSBhbmQgRGViaWFuIGNoYW5n ZWxvZyBhcmUgc3VkZGVubHkgaW4gdG90YWxseSBkaWZmZXJlbnQNCj4gICAgIHBsYWNlcy4g U2FtZSBmb3IgcmVsZWFzZSBub3RlcyAoTkVXUy5EZWJpYW4sIE5FV1MpLiBVbmxlc3Mgb25l DQo+ICAgICBtYWtlcyBhbGwgb2YgdGhlbSBzcGVjaWFsIGRhdGEgKCJkcGtnIC0tc2hvdy11 cHN0cmVhbS1jaGFuZ2Vsb2ciLA0KPiAgICAgImRwa2cgLS1zaG93LXVwc3RyZWFtLW5ld3Mi LCAuLi4/KS4NCg0KSSBndWVzcyB0aGlzIGNvdWxkIGJlIHNvbHZlZCBieSBkcGtnIGNyZWF0 aW5nIHN5bWxpbmtzIGZyb20gdGhlICJtYXN0ZXIgDQpjb3B5IiB3aGljaCBpcyBwZXItc291 cmNlIHRvIC91c3Ivc2hhcmUvZG9jLyRiaW5wa2cvDQoNCg0KVGhlcmUgaXMgZGhfaW5zdGFs bGRvY3MgLS1saW5rLWRvYyBhcyBwcmlvciBhcnQsIHdoaWNoIEkgY29uc2lkZXJlZCANCmhh Y2t5IHRob3VnaCwgYXMgaXQgcmVxdWlyZXMgb25lIG1haW4gYmluYXJ5IHBhY2thZ2UsIHdo aWNoIGhvbGRzIHRob3NlIA0KZmlsZXMuIEkgZG9uJ3QgbGlrZSB0aGlzIGFwcHJvYWNoLCBh cyBpdCBpcyBub3QgYWx3YXlzIHBvc3NpYmxlIHRvIGhhdmUgDQpzdWNoIGEgIm1haW4iIHBh Y2thZ2UuDQpJdCBzaG93cyB0aG91Z2ggdGhhdCB0aGVyZSBpcyBhIG5lZWQgZm9yIGl0Lg0K DQpNaWNoYWVsDQo=

--------------6CmQbvJXrZRa4XFHpSK27eHU--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmL/WG0FAwAAAAAACgkQauHfDWCPItwg mQ/+KiHMvyG8Q3b//kqbSnDHexfxm5DHUm8UlkxVlwPHAasr1rI3hZ+/37W8kNnqvA+tKM7e6VEK E5YmBfStScOldfwgQCWCrx9Sp5aPG/G4YTasdRqO4zKDyvOVLntEVTjhNutm9tOy84cfgQQZSUff kvexZrXuvUL3Nf/kQS1uNciT3j9Ovm0dVcrtk36ond3TktVDghoiUoaE7K08uLaYMh10BoZz6AmP O4z0eiuF0FcAx5bB9H+vRhx2vhhLnOo224QG0X96F6GPT+lCsnZAWwvxfkhthNn3lgN4+HSOShk9 6DAuQCbSi77C81vzb1ra2iXqOIztx0LqkrdioMYU9MVbFRU+orKTvHsgX27Ig8gSV0ipQ/twn1Od tfM7rBsI/jAjdggK0uu3/pRYBfh/nppEIj8NBWztFS4kAIxn392Vi9L9sfnVeNDUxHlXJXoEh7av R3wxtE9K01b9RCd06JhP5BFW9iIcV0dzPPE06EsQrt1Coae0jAT/xsUEcpYXB/149mEcjwzTTiwu yItgCkAERV8sr7i90LAsKFYKEyapELXFDmmXpzUYLluOW5Osbbjyb6OTf9D64FODLZSOkQW7Hh2m /vlzaJ3tNyJA2XDmQqzJ3g4U60nxZk6cMqf5j2bp2pFzD1LvN7rw88/Rv4nA4c8a0GZTX3Fy9li8 ftk=
=hYT5
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 2022-08-19 at 09:06 +0200, Michael Biebl wrote:

If we turn on changelog trimming by default, we should probably also
turn on apt downloading the changelogs by default.

I think the default apt behaviour should be as it is now, show the
installed changelog (with the footer suggested by Phil), but provide an
option (shorter than the existing one) to download the full changelog.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmL/WKAACgkQMRa6Xp/6 aaPuXxAArKFuuGtl0ML1kMG1ApL1zA8MRWEQ0wuP7TaJagpwRNZrNopZ8IvVJ905 +r8CKPZZ155dk0ro3Cs0a0ZhCoBMaQgoQFM5Pf9BAi9066C6lkJk9aYMftf+a1RW XfDAPGjWMjLGjou0rFOq+EMPgd2q3JZ6oQdPVYBJ+vVb7HfOyfMk0AiczUqSJA2J rwIHMgfDQ5+404r/IW++vkeOGK35EW0yQCrJgL1VukJfDes9JjoieniekvaLfBxm daxYqwy7n8An5qLCg1fZCJk5ZayZL1kMlikiEBWAJbouHkRaERSu4j2wgiL2aovH b4WslAuuLsWwx33pEN+FhzP29/oUTAizdHYgy7OuVxvZEi6H8Eo4B7IVjcVCr1PJ C68BnQ7/7zb3lSYqWLqJJseqT4UZspzsvVb6MBA41tNGhwLNWdyzjD5JdLeuKdBQ PwPlYVjLyeIGKVpbJa4sqcqbTZM0gntnNFrMyjiTMx2OayuJMjaYoYkJhpI+SlFs 4aVStFQjN3m7XVS7JGWwzClmDjZiUgwwtZBUpRaWIkvC4SA5v5BVHVSbFpAnKOf3 wDQVY99/ukQkm7VtijiouCc5bdcU7qE4BFUApZGwc6FFevj748FKAT+edHdikVKB OZK03EAnYMRlnQ5qaLalhu2Fd+CYEJyW42mPlfg1AE7wzWqYDHs=
=zRpb
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 19/08/22 11:31, Michael Biebl wrote:

I guess this could be solved by dpkg creating symlinks from the "master
copy" which is per-source to /usr/share/doc/$binpkg/

Maybe the "master copy" could be in `/usr/share/doc/src:$pkg/`?

/usr/share/doc/openssh-{client,server}/X → /usr/share/doc/src:openssh/X

Regards,

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ansgar <ansgar@43-1.org> writes:

- Having to spawn an external command ("dpkg --show-changelog") just
to access a file is more complicated.

The fact that it currently needs to dug out of the main data archive
rather than the control archive to show the user changes at install time
seemed like a decent reason to move it, but that was assuming that the
file would still end up being visible in the same place in the end.

If that were not the case then I think it would be more trouble than
it's worth.

Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmL/aZsACgkQ0EujoAEl 1cC6Iw//SO/h18XMREUpRypm+GD3bmdg5l54m/1+Ua/Q6VijwpO3aSXOyurXnywJ 2kIbKNKwAQxqGZE35O0pl+XC6zgmMjEzoU9oROZgVbbemBnJ43vhxF4ABm0HGUNo oTyOvxeD5lvW0Vgg7xY5W7gdySNbchirFeS7ee/WmwPVRInBD11Yi8OnAA3IIiin TmX35StgEAc+OqOrOjgFGPqCpy8vgp9N6pXLGFiZJf9W+1XXIdljz4q/6uDc5LQ5 8WN1jaEyOZpW2WPYRUmGZyu9Fk4ecqj0FHgYtNazq9sL/abBJtuIbfc0M7GKsMmj wIKPTRzEnbA9urI18yHE6loTluTzwaswxrRIOihOGBH2TFcQ/eW+YAW1D69Q06kb V7bRmnS/wHljdU2gI8x14LdzXER9DXU7Y15DaXmw93CxBkqvFUwiTOFfLm8wzJfB yMwOl8cCO+TndpoPtnswbC+9xw+v6722MZTBpkNb9iroc57XGs/wZo4dd4189ETv kEyDD92WJW45fM0btU4JHDaTobuJvlkvkx78sEvgnyVafWSWnCwdVcfaUYw8slQ/ PsRXXmcpXyxRKcugTt2S+Ox4MjjcAU2RnszoGCtISKjhACqVe4EUJKqs/nXf4EZh omvHcdBtEzQ10v4

On Fri, Aug 19, 2022 at 09:01:22AM +0800, Paul Wise wrote:

Before we consider enabling this by default, first we need a way for
`apt changelog` to download the full changelog rather than loading the changelog from /usr/share/doc in the currently installed package.

You can tell apt to ignore the local changelogs completely with: Acquire::Changelogs::AlwaysOnline "true";

This is set by default on ubuntu-vendor apts, not sure why as for
a repository identifying as "Origin: Ubuntu" apt knows that it should
grab the online changelog, regardless of the vendor apt is built for (Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu).


That is an all or nothing setting through as Ubuntu does trimming unconditionally for all their packages. I don't see a logic¹ that would
be able to detect "builds with dh >= 14 (and hasn't opted out)" given
only binary package metadata, but I guess for most needless downloads
are not much of a concern.

¹ I guess we could implement looking at the free-form text in trimmed
changelogs, but that feels a bit brittle. If the last line of the
changelog doesn't start with " -- " … except that this isn't always
the case as e.g. shown by dpkg.



As previously said, another problem is that not all repositories have
online changelogs – and most tools building repositories have no option
for it –, but a dh change either effects them all or we get into the
problem of wanting to know if a package will end up in a repository
which has them or not while building (build-profile?).


Also note that e.g. d-security has no online changelogs as far as apt
is concerned as they are not to be found on metadata.f-m.d.o (#490848).

The tracker uses a different URI which seemingly has them (and other
files for download apt doesn't know/offer), but I have no idea who
maintains that, if it should be used by others and the URI scheme is
slightly different (it doesn't contain the component the package
belongs to) so apt can't be told to use it anyway.
(And IF apt should use it, it should be told via the Release files,
which only stable does currently, stable-updates and stable-security
rely on apts built-in fallback which is sad)


Best regards

David Kalnischkies

P.S.: As I was quoted already, as a side note: I am not against nor in
favour of trimming; I am just pointing out potential problems and
sometimes even their solutions as far as apt is concerned.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE5sn+Q4uCja/tn0GrMRvlz3HQeIMFAmL/ZmUACgkQMRvlz3HQ eIMtyg/7BV6WRoHi0EMhs3MHPhz3mZ9pxcQ0m203mqo2Ra/wuj2QazGvrOAU+xuZ d/4I3+R78vuDw4Se5cwm2Iujri+Ip5LyTGbYu6cFXV6sEac1vcc402OT3ne2tWkM bOqnBYr35ok8vAvGdpUjne/kqFKWGah11PGXH961F1TkUZB70ZaBB1mcVGhTcONJ GHHgJp4IZ3AteRLOAzF4YgOHgdMAWY4r7HPQ9mWscv+JE47Nr0/K59a8c8+PgT/b n9/ejtDfxYjDaP6tgNCD4tTmqvJyd3JHSCKouBmEwon083jBRkiQupSRaut/fIrp oolZPj51w+XAGJHloxYmef3KmclzFbx1sBFCbM3Mx97G4Rm4jD6kzbzmMm5zWiIr PzNa/81yD7I3zMbr7q1WAZLiWbk1Gg952opu4GZXjzITm2RoUlT9zG7xAY3bvIXV PyRQa3/a/m3WyL89NH0uGvIWJDf7MmaSfyRXqIb3n40osrTo7eKL5Jq0W8NdN0gZ s2JcthEzyIsHfM7t1PoN7mU/TF6C6qYfcYLW3WXCoDBC8q6Mu/bGMuq1L7XLaE5k 41cch8GEn9mHFAL9KqDcFa7uZWJUauoMmNqrCfYP7Kz0gia6iO7dfc0B3Dk8L1lP dDXtNiBLHPe0y+aH2gNo5NGayKxxaSp4y3oBzOjK83BGKOGRKDs=
=nLAT
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Michael Biebl <biebl@debian.org> writes:

Am 19.08.22 um 10:35 schrieb Philip Hands:

Paul Wise <pabs@debian.org> writes:

On Thu, 2022-08-18 at 21:18 +0200, Gioele Barabucci wrote:

Does anybody have objective objections against activating automatic
changelog trimming in binary packages?

Before we consider enabling this by default, first we need a way for
`apt changelog` to download the full changelog rather than loading the
changelog from /usr/share/doc in the currently installed package.

Otherwise people who want to look at the full changelog for the
currently installed version of the package will have no easy way to do
so. They will have to manually find it instead, which isn't exactly an
easy process if you do not know where the changelogs are stored online.

How about making the end of the trimmed file be a standard footer
including a hint about how one can get hold of the rest of the
changelog, and then have `apt changelog` look out for that footer in the
local copies in order to know that they've been trimmed, and that it
should therefore try to download the full version.

If we enable trimming by default (for all packages), then apt can just
go directly to query the changelog online.
What would be the benefit for "apt changelog" to look for such a footer?

I was assuming that life's a bit more messy than that, and that one
might want apt to use the local copy if it's complete, and download
otherwise -- if that's not the case, fine.

Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmL/bScACgkQ0EujoAEl 1cCbnw/7BlFtw+QXpK8PP3wiMv1s4Pw3kyXVnV5PkEpJFS6ROY2vZIc29Gxj/3o6 wkFEByQbLiyIhs6oM34V19896lu7Rc+M09AY40OPKtNQQ/ouL3SAmVpxiwnDkbZ9 8Ibzc4Q6tjAqqU41/haCgtIrv62pOloxu/FEbWHiOhMYLtNvusJ5o469W+C/vnQ+ 0CSDVxAT1mcl9rZo5i3VCeLrzd5/3ih2Vf+BskzBA7Lk3MQYCq9KLx50t13x/RUK SyYWnHyjaMsug1ukTAMBesaf+qBMHNdM724KVeh7KtneAb3lzn892Lou8hlI6xIS pJ+jICeSnG232xJn2yzhAAi9hBXixhEB+RdtfJwWiRbwjPAE5HxVqVLOyOVjq8Ze IxmErj1stMK2oqOZhcSb+gqwKlTkywUsOsrfE2OmNq75cG4pkNgs3jxJn5kue5i5 vtvw+DZHu/jlHc++tSjFlYn9Pqc0gCjbJGP5+g/BdPZQP72Pi9dA5JcSTIaZdlUj ZP6s2ipTtxSTT1ojAveBWO0ag69Eej6J0SNF6bvaYPToSir451XHg1Hc6umJ7KdN YraHX2u6/hX+8Tm9fpCVbcrHhfbUkN5qAB6QV2hEy8+Z10qUyhYbwOWRoZKbYQB2 R8JK40DhntD6n0B

On Fri, 2022-08-19 at 12:44 +0200, Philip Hands wrote:

Ansgar <ansgar@43-1.org> writes:

 - Having to spawn an external command ("dpkg --show-changelog") just
   to access a file is more complicated.

The fact that it currently needs to dug out of the main data archive
rather than the control archive to show the user changes at install time seemed like a decent reason to move it, but that was assuming that the
file would still end up being visible in the same place in the end.

As far as I understand the metadata proposal, how the changelog is
stored would be a (private) implementation detail of dpkg. It could be
just a file in /var/lib/dpkg/info/${pkg}.changelog, it could be stored
by hash (for deduplication), in a sqlite database, ...

If the goal was just to provide faster access for apt-listchanges and
similar tools, it might be enough to just shuffle the order of files in data.tar.* so that /usr/share/doc/*/changelog.Debian.* and similar are
the first members. This should even be backwards-compatible.

If that were not the case then I think it would be more trouble than
it's worth.

That is my opinion too.

Ansgar

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le jeudi 18 août 2022, 19:18:35 UTC Gioele Barabucci a écrit :

Hello,

in 2020 there was a brief discussion on debian-devel@ about trimming changelogs [1,2].

Now there is a working implementation of said functionality in `dh_installchangelogs` [3].

Could you stress on the mapage that some license ask to document the change done by downstream in binary distribution and that in this case this tool should be disable

bastien

This implementation, combined with the evolution of the apt/dpkg
ecosystem that happened in the meantime, provides now all the benefits
of changelog trimming (less wasted space and bandwidth worldwide,
reduced processing time) without the downsides discussed at the time.

## In detail

* `dh_installchangelogs` is modified install in binary packages the
trimmed changelogs, i.e. changelogs that contain only entries more
recent than the release date of oldstable.

* The trimming is done automatically in compat >= 14.

* The `--no-trim` option allows package maintainers that want to ship
the whole changelog a way to do so.

* The full changelogs are preserved in the source packages and thus
available via `apt changelog` and similar mechanisms.

* The trimming process happens at build time and requires no
modification to the changelogs stored in the VCS repos, nor changes to
the packaging.

## Data on file size reduction

On a sample of ~13.000 packages, the median reduction in size of
gzip-9'ed changelogs is 56% (mean 50%).

Ancient packages or heavily developed packages gain a lot from trimming
the changelogs. Some examples (gzipped → trimmed+gzipped):

* debian-keyring: 664k → 47k (-92%)
* dpkg (essential): 223k → 22k (-90%)
* apt (essential): 156k → 14k (-90%)
* systemd: 110k → 23k (-78%)
* gcc-12: 189k → 18k (-90%)
* python3.9: 48k → 4k (-90%)
* e2fsprogs: 68k → 7k (-89%)

## Consensus

Does anybody have objective objections against activating automatic
changelog trimming in binary packages?

Regards,

[1] https://lists.debian.org/debian-devel/2020/03/msg00299.html
[2] https://bugs.debian.org/954313
[3] https://salsa.debian.org/debian/debhelper/-/merge_requests/80

--
Gioele Barabucci

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmL/d3IACgkQADoaLapB CF8XghAAt4A2Rq4Zng/fWURhJEyrYl3IORTjUZKNDUELOrV62dQRc8pUQwz5dZ0c cAnEFJgwxax/H10DtJ5h2UmuPsfeIPxHfwAwHmnplN9k1aHFmvb7g993SlU9k70b DXcDGaMOD9bqPDE6q6gNenXKc7bGpxEoVkTKiLEoTs2k/Sp3RksgptV26pw5aHM/ pVUj+ajDbHIpLMtXbVjeawKpJpXW1CfLvoZ2uv+lFXZW+77l26C2pG3cYBE4bpNV K093NYbDrTt41M416rAvk/yZtV2hi8c6Ax8GILUX1KaemfAUDD6ES97uGH8/NBbq xjJG3EqPv/p0JKiP+Ibofa3gwysSlQisQIXcsVvCVkcUVBh+UYN/mQrmz3g6+EJT 0jl0eMKg9MzbCFsWI1GmkzjT66FSX6iYAeV0q5yyZbhlXKRuu4qHFlKqo52lBR4F ghSj6KzVsBUJqINZjPByYmZU4gUQEOB4CRNTuhfSRu8RicW4dbECXL/kOTBE48J6 ns+fwSKFdXBSqbXO61mMV3IRcjzQIZDRWFzMOn3lq9amy4+/bwhJp7VSmvtsfWK9 atIkO0tdQXKkfms+Rl76hMpxaomCd6EfxRJ0CK6Zfm4uUALcw3YVf2xJmmbC0VsY mZymxJ+RV9ZEFQwff8CxdJo70X6Mmd6f8ibbIqKPtCfDLL5VIV8=
=qlu8
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Fri 19 Aug 2022 at 11:44AM GMT, Bastien Roucariès wrote:

Le jeudi 18 août 2022, 19:18:35 UTC Gioele Barabucci a écrit :

Hello,

in 2020 there was a brief discussion on debian-devel@ about trimming
changelogs [1,2].

Now there is a working implementation of said functionality in
`dh_installchangelogs` [3].

Could you stress on the mapage that some license ask to document the change done by downstream in binary distribution and that in this case this tool should be disable

I think our separation of orig.tar and diff.gz/whatever has this
covered?

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmMCaGUZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQN0jD/9rcmgQf7J3uM6qExXgahcM OZsTFUQT0TqRgIXkM/mcJ8wFyy0XJ+bzcwTK7PpkgNv2jXDfgHTblo5xVTcGAQwE gUomHC4Kr+fOq5GI14EHLi6eG2AqkgBoJzpRLx+yzz8RXY+/bSWXbU9nu3myhha+ tHGR3NDZgascJjp9T3jzckbKCvi3xJoC9jREjcd6eVAK5ONp04ueHTqJqvMNnPkC 3xdpG+69T3py0+qhiaB1f/Z1COHWUm0ubCydTpvhdgToLUOViGNOYm8q94p3najQ d7FWiFVTb+lzBT7Q9AsNh+F8cswpbJ5jnfBxPsiRBfU8XRIFtUfmEbaZzwNE+D/8 wO7vEi3HZ1FMmyj0/AFsOFVkJJfG799Wcxp6AoBe8KUK7LgNfOO9gxPBO6qeVIGY WIuFIqXIImRViTxitGOuZAcmAMSHVmpV3YI20PZzX+mxz0azHNS/6UKUaEF3i4F/ vSKSmKyEjco1dkh2ND7GEhJoqhVfoaI8txLUWDhiYT/CMkT8N1mpXWWsCo8xdc0C fkWDmtjWlS/XzRoulzNojNnypb1DzjvAttFC/Y5NrGEqDubF90bMiiZI2lYRA3MV MfYvdIRL/lP/Nh0Lrxcw0kZZaFgzGaV1BADw0tKSmI+L4jJQVwCCtyJIHXE8GyTw yrSEOlZSUIwUrOyFnZEf6Q==qSA0
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

On Fri, Aug 19, 2022 at 11:44:03AM +0000, Bastien Roucariès wrote:

Le jeudi 18 août 2022, 19:18:35 UTC Gioele Barabucci a écrit :

Hello,

in 2020 there was a brief discussion on debian-devel@ about trimming changelogs [1,2].

Now there is a working implementation of said functionality in `dh_installchangelogs` [3].

Could you stress on the mapage that some license ask to document the change done by downstream in binary distribution and that in this case this tool should be disable

Like GPLv2's "You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change"? We already don't do this.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmMCacctFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh HzwP/0/wfKnwRJHECg+Uz6CpqCYLpHMmXnicLmdPPQzY+jbVYXcX1qFuQXhhAPO4 /P1DMdFF7y9bOjCWi4bWcgLX022JDJKyUf+3EUpLfNOkcPCfGbbXlzuzJweuBx3k 1ZluAQs2RBFv9U8bCywp4OT6ORhjbURYznNwuC0tyjIe/GKT0B9IVq9OXWCmuS9n ojzSFRQ6zVybc5+Q6LUwwtclL52geZ3nz3IfQooxCOMnjl7+UAB46IZ1c8Cclun3 ESxuoj5DYnyyhSEXxpgX7S+wuJdvZfLT4IBiJEgISHQNgGwV2NoUyRPJh6Lp89WJ mJwL1CKmMKI35ldeALu3AFbstbO7J+od7QoTDjkhX/9CGFluAdvibkWMi+50NoiX 94gnO/ffDkrhUOjkbkYnJu7DLnnm/d51iXrIEM5kbUaOID917dlGhxP+CTeet0vf kjQgWCnKcO08YJM69nZ48L3ZHRVOwsY/ZdjF/hIptgegoN9Jz6CX1eyUHnIWoAh4 o9uyqA00paFwOxYqu4B9vQb1hesET3iKugOYpKiY0ZJVgmk4cMtHQ+p4TJc9+K31 ejLs0o1tqzWYEsLyvO7406/MX4dxIUZSK33aCA33Th8Vl0s0JPelc2UKWNm9wuke h3OdZzNcxyaXSeL1GjZUwhpk1gPvr/NbgdX2Q9eDB3LhUSNw
=f7fO
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18/08/22 21:18, Gioele Barabucci wrote:

Does anybody have objective objections against activating automatic
changelog trimming in binary packages?

Hi,

a couple of weeks since the initial email (thanks everybody for the
input), my reading is that there is now consensus in going ahead with
the proposed automatic trimming of changelogs.

## Addressed contrary objections

In particular, I understand that all contrary objections that were
raised have been satisfyingly addressed:

* Packages not meant to be included in Debian (and without access to a changelog server): Creators that want to preserve the full history can
use the `--no-trim` option to disable the trimming.

* Third-party repositories: Their administrators can provide access to
the full changelogs by setting `Changelogs:` in the `Release` file, or
can use `--no-trim` in the packages that they distribute.

* Users should be made aware that changelogs have been trimmed: `dh_installchangelogs` has been modified to add a comment at the end of
the trimmed changelogs.

* Source packages should retain full changelogs: This is, in fact,
already the case: only the changelogs included in the binary packages
are trimmed.

* Reproducible output: Once trimming will be enabled in
`dh_installchangelogs`, either the changelogs will be trimmed (default)
or not (due to the explicit use of `--no-trim`). This ensures the reproducibility of packages.

## Non-blocking concerns to be addressed in the future

In addition, there were concerns and ideas that were raised as non
blocking and that will be discussed and addressed in the future:

* Perhaps have dpkg treat changelogs as metadata: There are pros (deduplication) and cons (the need to have a new command like `dpkg --show-changelog`).

* d-security has no online changelogs: Fixing this has been proposed in
2008 (https://bugs.debian.org/490848) but it did not seem to sparkle
enough interest at the time (and users of d-security are unlikely to be interested in changelog entries older than old-old-stable).

* apt changelog could be instructed to choose between the local and the
remote changelogs, perhaps via options like `Changelogs::PreferOnline`
(to complement `AlwaysOnline`) and `--full`.

* Maybe the URLs used by the tracker to link to the changelogs and the
URLs used by apt to fetch the changelogs could be aligned.

Regards,

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 2022-09-06 at 07:13 +0200, Gioele Barabucci wrote:

* Packages not meant to be included in Debian (and without access to a changelog server): Creators that want to preserve the full history can
use the `--no-trim` option to disable the trimming.

Most derivatives aren't going to have a changelog server so I don't
think it makes sense to enable it by default on all derivatives.

Perhaps the dpkg vendor could be used as guidance for when the trimming
should occur by default? Unless Debian/Ubuntu, disable by default.

Then have a way for vendors to enable it by default if they want.

* Third-party repositories: Their administrators can provide access to
the full changelogs by setting `Changelogs:` in the `Release` file, or
can use `--no-trim` in the packages that they distribute.

Modifying every single package to add --no-trim would be tedious for
some repositories, perhaps allow a config option to disable it?

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMXA+UACgkQMRa6Xp/6 aaPW1hAAp+QQh+yb+cL+vMUz1/Yqw/2P6eG8OVmVnREHe6IEcBGhOntk6kbFtpGx bxdzJheTwe+b30SYJK+Vs72bdkwTG7Cm4iVa6nSEkQJ32EBD4K7Ld2vFuxZdkFDX BVkEp5m8bGOgrBpto261urwZjLfmSELrAB9H7mcC9fe6b6GkcstJsqtEx/pAHVyS PqARlJRQxil0T9ZytnB0dB8SmFpoc88ycSNT5ihok0+Loqp2wEQYLlzVl1CfWCNr N8DxEXONYxJiiqmIdV5Gc9xSCOKZp2lBH5qQ4G7roIbv2PTdzf248XoIDtzMhE8E bHMbSiYDlhusZ/hjj/IYxOOhTcFkpVFQZYiybbJhj1x0dN6uHyt5v4pOZFp/HooN BPYpha3CmnnvWvnWdtjCESMTpHe3DQSye9M1V4JyZuUcIyti4JhitjoEziDYFrOQ Ba8VYKsdgOT5/afJv7AmqbpOQ2bxcZi5zIj2T4eRcmNnWkdXlkrQvXxHoUNbkvxW UR/A27GfC9cqAR6RQZOnnXN58tMRlzjKOC7muViuScRysocjRTGapJQ6RYd2H20f qgacnf0AYTsTCX2vKBRlcez0xymG1EnS3dJ0/W3b4Xr/B4EhNathXkFUGtE46IZn FdICbooquGFm2D+i/J3SJd9yY8hNMwlSh4NcdtpsXxBCBs2FmkM=
=+rMC
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Sep 06, 2022 at 12:11:38PM +0300, Hakan Bayındır wrote:

While all looks good and feels sound from many aspects, I have some reservations against treating changelogs as metadata.

Current changelogs as files have a well known place, can be used by anything and everything, and they are local.

Assuming you are talking about making changelogs available at a dpkg
command, as in the RPM world, it's actually making the way to get a
package changelog more well-known, not less.

Stuffing them behind a command, possibly making them online only in the process will arguably make system troubleshooting and administration harder, esp. if the system has connectivity issues.

If something critical breaks, I can boot to recovery and look at the logs
and changelogs of recently updated packages. Having recent-ish changelogs on the disk arguably accelerates the fixing process.

I don't think removing recent-ish changelogs from the disk is proposed
here.

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmMXFfMtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh tOEP/RtxTndylAIEI8oFLvSSOgpCQASbI+21ysSdWOtG18fbZ3CvPdiY3ebl/h8T Q5DnIGsX1ipJOL4PQ7/T5cXnJ5Z+CfZ4RGi3Mkx6Ap3wvjk92eD+ZbY1vxtS0Lu0 m9IJnbW85Ir2pokK55l9dev9EZFKeX3ynGbJe+A8gwY6JRYpo4MQPOzvD00qiLWK 0IZR9Y0a1Lc5OdobQzzoA6vlpe+2mmxzmsNsVVIBLEcvFqYVhDP/d5/YpTcQG5Gk C5OKX/FJdv6J8pxqO8um93/2HX1Ja2he4zYO2fJ7cmzwyXEh2euu2OT5fZPw7Hkr Tv7D3ZUt7BCI6WfX6CWQBVO04TnRFgy3a2SG+2hedOFbmxMoyXSIVZTzHKBJXT2e PKKwIr5cdEi4ofXVJnTRXrAVJOduxu4cGQiZ3r1HQdfP5cb9BoCl1IoVdNzx3ZUG hhmUHt7XlVkWJQlNsNFY2nwN87hbEpxy29nLaZ59RRh8pT4KRPWZ1ahqRTf6CVl9 vZy9gSKDmws3tnG1cYanYT19rB8ur+2+WwjxLOlFDKNzSNMvyKfn0aQ07akfXNmy KgKvrT7xIa0CPRK3TGm7Or1uAzubiA6GCVaP+6ZqOqvLG8jY6VowdL5TjqbeeKaf TIhD8Ol3XNEZXWDOE81Hl972f+0iL+hy6O1EwOMCeX5sWAKp
=X8fJ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------1txL4wWE0PSkF0ZxLySd3OsT
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SGVsbG8gYWxsLA0KDQpXaGlsZSBhbGwgbG9va3MgZ29vZCBhbmQgZmVlbHMgc291bmQgZnJv bSBtYW55IGFzcGVjdHMsIEkgaGF2ZSBzb21lIA0KcmVzZXJ2YXRpb25zIGFnYWluc3QgdHJl YXRpbmcgY2hhbmdlbG9ncyBhcyBtZXRhZGF0YS4NCg0KQ3VycmVudCBjaGFuZ2Vsb2dzIGFz IGZpbGVzIGhhdmUgYSB3ZWxsIGtub3duIHBsYWNlLCBjYW4gYmUgdXNlZCBieSANCmFueXRo aW5nIGFuZCBldmVyeXRoaW5nLCBhbmQgdGhleSBhcmUgbG9jYWwuDQoNClN0dWZmaW5nIHRo ZW0gYmVoaW5kIGEgY29tbWFuZCwgcG9zc2libHkgbWFraW5nIHRoZW0gb25saW5lIG9ubHkg aW4gdGhlIA0KcHJvY2VzcyB3aWxsIGFyZ3VhYmx5IG1ha2Ugc3lzdGVtIHRyb3VibGVzaG9v dGluZyBhbmQgYWRtaW5pc3RyYXRpb24gDQpoYXJkZXIsIGVzcC4gaWYgdGhlIHN5c3RlbSBo YXMgY29ubmVjdGl2aXR5IGlzc3Vlcy4NCg0KSWYgc29tZXRoaW5nIGNyaXRpY2FsIGJyZWFr cywgSSBjYW4gYm9vdCB0byByZWNvdmVyeSBhbmQgbG9vayBhdCB0aGUgDQpsb2dzIGFuZCBj aGFuZ2Vsb2dzIG9mIHJlY2VudGx5IHVwZGF0ZWQgcGFja2FnZXMuIEhhdmluZyByZWNlbnQt aXNoIA0KY2hhbmdlbG9ncyBvbiB0aGUgZGlzayBhcmd1YWJseSBhY2NlbGVyYXRlcyB0aGUg Zml4aW5nIHByb2Nlc3MuDQoNCk5vdCBleHBhbmRpbmcgdGhlIHRvb2xzIGFuZCBjYXBhYmls aXRpZXMgcmVxdWlyZWQgdG8gZG8gc3lzdGVtIA0KbWFpbnRlbmFuY2UgYW5kIGRpc2FzdGVy IHJlY292ZXJ5IGlzIGEgZ29vZCB0YXJnZXQgdG8gaGF2ZSBpZiB5b3UgYXNrIG1lLg0KDQpD aGVlcnMsDQoNCkhha2FuDQoNCk9uIDYuMDkuMjAyMiAwODoxMywgR2lvZWxlIEJhcmFidWNj aSB3cm90ZToNCj4gT24gMTgvMDgvMjIgMjE6MTgsIEdpb2VsZSBCYXJhYnVjY2kgd3JvdGU6 DQo+PiBEb2VzIGFueWJvZHkgaGF2ZSBvYmplY3RpdmUgb2JqZWN0aW9ucyBhZ2FpbnN0IGFj dGl2YXRpbmcgYXV0b21hdGljIA0KPj4gY2hhbmdlbG9nIHRyaW1taW5nIGluIGJpbmFyeSBw YWNrYWdlcz8NCj4gDQo+IEhpLA0KPiANCj4gYSBjb3VwbGUgb2Ygd2Vla3Mgc2luY2UgdGhl IGluaXRpYWwgZW1haWwgKHRoYW5rcyBldmVyeWJvZHkgZm9yIHRoZSANCj4gaW5wdXQpLCBt eSByZWFkaW5nIGlzIHRoYXQgdGhlcmUgaXMgbm93IGNvbnNlbnN1cyBpbiBnb2luZyBhaGVh ZCB3aXRoIA0KPiB0aGUgcHJvcG9zZWQgYXV0b21hdGljIHRyaW1taW5nIG9mIGNoYW5nZWxv Z3MuDQo+IA0KPiAjIyBBZGRyZXNzZWQgY29udHJhcnkgb2JqZWN0aW9ucw0KPiANCj4gSW4g cGFydGljdWxhciwgSSB1bmRlcnN0YW5kIHRoYXQgYWxsIGNvbnRyYXJ5IG9iamVjdGlvbnMg dGhhdCB3ZXJlIA0KPiByYWlzZWQgaGF2ZSBiZWVuIHNhdGlzZnlpbmdseSBhZGRyZXNzZWQ6 DQo+IA0KPiAqIFBhY2thZ2VzIG5vdCBtZWFudCB0byBiZSBpbmNsdWRlZCBpbiBEZWJpYW4g KGFuZCB3aXRob3V0IGFjY2VzcyB0byBhIA0KPiBjaGFuZ2Vsb2cgc2VydmVyKTogQ3JlYXRv cnMgdGhhdCB3YW50IHRvIHByZXNlcnZlIHRoZSBmdWxsIGhpc3RvcnkgY2FuIA0KPiB1c2Ug dGhlIGAtLW5vLXRyaW1gIG9wdGlvbiB0byBkaXNhYmxlIHRoZSB0cmltbWluZy4NCj4gDQo+ ICogVGhpcmQtcGFydHkgcmVwb3NpdG9yaWVzOiBUaGVpciBhZG1pbmlzdHJhdG9ycyBjYW4g cHJvdmlkZSBhY2Nlc3MgdG8gDQo+IHRoZSBmdWxsIGNoYW5nZWxvZ3MgYnkgc2V0dGluZyBg Q2hhbmdlbG9nczpgIGluIHRoZSBgUmVsZWFzZWAgZmlsZSwgb3IgDQo+IGNhbiB1c2UgYC0t bm8tdHJpbWAgaW4gdGhlIHBhY2thZ2VzIHRoYXQgdGhleSBkaXN0cmlidXRlLg0KPiANCj4g KiBVc2VycyBzaG91bGQgYmUgbWFkZSBhd2FyZSB0aGF0IGNoYW5nZWxvZ3MgaGF2ZSBiZWVu IHRyaW1tZWQ6IA0KPiBgZGhfaW5zdGFsbGNoYW5nZWxvZ3NgIGhhcyBiZWVuIG1vZGlmaWVk IHRvIGFkZCBhIGNvbW1lbnQgYXQgdGhlIGVuZCBvZiANCj4gdGhlIHRyaW1tZWQgY2hhbmdl bG9ncy4NCj4gDQo+ICogU291cmNlIHBhY2thZ2VzIHNob3VsZCByZXRhaW4gZnVsbCBjaGFu Z2Vsb2dzOiBUaGlzIGlzLCBpbiBmYWN0LCANCj4gYWxyZWFkeSB0aGUgY2FzZTogb25seSB0 aGUgY2hhbmdlbG9ncyBpbmNsdWRlZCBpbiB0aGUgYmluYXJ5IHBhY2thZ2VzIA0KPiBhcmUg dHJpbW1lZC4NCj4gDQo+ICogUmVwcm9kdWNpYmxlIG91dHB1dDogT25jZSB0cmltbWluZyB3 aWxsIGJlIGVuYWJsZWQgaW4gDQo+IGBkaF9pbnN0YWxsY2hhbmdlbG9nc2AsIGVpdGhlciB0 aGUgY2hhbmdlbG9ncyB3aWxsIGJlIHRyaW1tZWQgKGRlZmF1bHQpIA0KPiBvciBub3QgKGR1 ZSB0byB0aGUgZXhwbGljaXQgdXNlIG9mIGAtLW5vLXRyaW1gKS4gVGhpcyBlbnN1cmVzIHRo ZSANCj4gcmVwcm9kdWNpYmlsaXR5IG9mIHBhY2thZ2VzLg0KPiANCj4gIyMgTm9uLWJsb2Nr aW5nIGNvbmNlcm5zIHRvIGJlIGFkZHJlc3NlZCBpbiB0aGUgZnV0dXJlDQo+IA0KPiBJbiBh ZGRpdGlvbiwgdGhlcmUgd2VyZSBjb25jZXJucyBhbmQgaWRlYXMgdGhhdCB3ZXJlIHJhaXNl ZCBhcyBub24gDQo+IGJsb2NraW5nIGFuZCB0aGF0IHdpbGwgYmUgZGlzY3Vzc2VkIGFuZCBh ZGRyZXNzZWQgaW4gdGhlIGZ1dHVyZToNCj4gDQo+ICogUGVyaGFwcyBoYXZlIGRwa2cgdHJl YXQgY2hhbmdlbG9ncyBhcyBtZXRhZGF0YTogVGhlcmUgYXJlIHByb3MgDQo+IChkZWR1cGxp Y2F0aW9uKSBhbmQgY29ucyAodGhlIG5lZWQgdG8gaGF2ZSBhIG5ldyBjb21tYW5kIGxpa2Ug YGRwa2cgDQo+IC0tc2hvdy1jaGFuZ2Vsb2dgKS4NCj4gDQo+ICogZC1zZWN1cml0eSBoYXMg bm8gb25saW5lIGNoYW5nZWxvZ3M6IEZpeGluZyB0aGlzIGhhcyBiZWVuIHByb3Bvc2VkIGlu IA0KPiAyMDA4IChodHRwczovL2J1Z3MuZGViaWFuLm9yZy80OTA4NDgpIGJ1dCBpdCBkaWQg bm90IHNlZW0gdG8gc3BhcmtsZSANCj4gZW5vdWdoIGludGVyZXN0IGF0IHRoZSB0aW1lIChh bmQgdXNlcnMgb2YgZC1zZWN1cml0eSBhcmUgdW5saWtlbHkgdG8gYmUgDQo+IGludGVyZXN0 ZWQgaW4gY2hhbmdlbG9nIGVudHJpZXMgb2xkZXIgdGhhbiBvbGQtb2xkLXN0YWJsZSkuDQo+ IA0KPiAqIGFwdCBjaGFuZ2Vsb2cgY291bGQgYmUgaW5zdHJ1Y3RlZCB0byBjaG9vc2UgYmV0 d2VlbiB0aGUgbG9jYWwgYW5kIHRoZSANCj4gcmVtb3RlIGNoYW5nZWxvZ3MsIHBlcmhhcHMg dmlhIG9wdGlvbnMgbGlrZSBgQ2hhbmdlbG9nczo6UHJlZmVyT25saW5lYCANCj4gKHRvIGNv bXBsZW1lbnQgYEFsd2F5c09ubGluZWApIGFuZCBgLS1mdWxsYC4NCj4gDQo+ICogTWF5YmUg dGhlIFVSTHMgdXNlZCBieSB0aGUgdHJhY2tlciB0byBsaW5rIHRvIHRoZSBjaGFuZ2Vsb2dz IGFuZCB0aGUgDQo+IFVSTHMgdXNlZCBieSBhcHQgdG8gZmV0Y2ggdGhlIGNoYW5nZWxvZ3Mg Y291bGQgYmUgYWxpZ25lZC4NCj4gDQo+IFJlZ2FyZHMsDQo+IA0KPiAtLSANCj4gR2lvZWxl IEJhcmFidWNjaQ0K

--------------1txL4wWE0PSkF0ZxLySd3OsT--

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEULItFeESq+SJGkXo3mItzvCdB5wFAmMXDsoACgkQ3mItzvCd B5x5iA/9HmLubJN6bl++F6oQOY/+izVipNOloki9G4AfpeeXFw205OgYnX0C5Nda Rs3hlPFbFxKdHgFnf2PnONuSmSQRYE5MC05iB0Ao3XHbQn8yz64dfmnQtwBNsRIT yCMcsGuIL3mSJS8P89ro4XSyvizQzV5HXiYHsZMPlSnep2qTkugTiXCQPFQcDDva ntIEo+6yc6Xe71L5E1TvxaEVCNuCUiC8LXaAjuwSPfvSSCdCqC8zO8nWVhXO7XGt 1iNpBzNuzAMAhNcRbWm1Cqp3+RPSJFoY45nhdNUnDnrhlQKVazd4DH+M7pDNZ6Ns WsJZ2PX4TvrJmDd370c4y2MDCVrb5scs0Y5U7hOVS4i6DNRO3xUPfgv5XXp4K/oX 6yqJjzRjT/M4HtHRRov7TVzxsF8yqO6HZD83yh/8ZPQblS1zQhFScXzzquB65FUK xESV9Lfdftfkd3ma81dZE+tHI6LFOS82UCEjxSDl2wCFzVG0+cqg7QfA5EIQIkim WJAj2EdCoSzzAwAXtsQgmZAx74hCYz0JC0WuBVr1zfOVe65ywSbEDW8GFJb2iAKp CTbORDPl5CaPjZeMwJR9TaczpS/lEmF0gm2tKbv464QPSoAgi1t9WofyPqhGHA5f 8Mm05kpdIPcqPVSLJ0Eh+iQbt5TSKq9PPonpK1Fzbjuaz+lvCSk=
=5q4H
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise:

On Tue, 2022-09-06 at 07:13 +0200, Gioele Barabucci wrote:

* Packages not meant to be included in Debian (and without access to a
changelog server): Creators that want to preserve the full history can
use the `--no-trim` option to disable the trimming.

Most derivatives aren't going to have a changelog server so I don't
think it makes sense to enable it by default on all derivatives.

Perhaps the dpkg vendor could be used as guidance for when the trimming should occur by default? Unless Debian/Ubuntu, disable by default.

Then have a way for vendors to enable it by default if they want.

* Third-party repositories: Their administrators can provide access to
the full changelogs by setting `Changelogs:` in the `Release` file, or
can use `--no-trim` in the packages that they distribute.

Modifying every single package to add --no-trim would be tedious for
some repositories, perhaps allow a config option to disable it?

Sounds like a job for (not yet implemented) DEB_BUILD_OPTIONS=notrimdch
(or some other name).

Thanks,
~Niels

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 06/09/22 10:25, Paul Wise wrote:

On Tue, 2022-09-06 at 07:13 +0200, Gioele Barabucci wrote:

* Packages not meant to be included in Debian (and without access to a
changelog server): Creators that want to preserve the full history can
use the `--no-trim` option to disable the trimming.

Most derivatives aren't going to have a changelog server so I don't
think it makes sense to enable it by default on all derivatives.

Perhaps the dpkg vendor could be used as guidance for when the trimming should occur by default? Unless Debian/Ubuntu, disable by default.

I have searched the debhelper's source code and its documentation for
how it handles derivative distros, and it seems to me that

1) derivative distros are not handled at all,

2) the implicit policy is that vendors will modify the default
parameters to suit their needs.

In addition (or in alternative) to what Niels suggested in the other
reply, derivatives could add to their patchsets a 1-line patch to make `--no-trim` the default. That would be in line with the kind of
modifications that derivs to fit Debian to their needs, wouldn't it?

Regards,

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 06/09/22 11:42, Andrey Rahmatullin wrote:

On Tue, Sep 06, 2022 at 12:11:38PM +0300, Hakan Bayındır wrote:

Stuffing them behind a command, possibly making them online only in the
process will arguably make system troubleshooting and administration harder, >> esp. if the system has connectivity issues.

If something critical breaks, I can boot to recovery and look at the logs
and changelogs of recently updated packages. Having recent-ish changelogs on >> the disk arguably accelerates the fixing process.

I don't think removing recent-ish changelogs from the disk is proposed
here.

Andrey is correct: what is being proposed is just trimming the installed changelogs, not removing them completely. And the full logs will remain
in the source packages.

Regards,

--
Gioele Barabucci

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11 Sep 2022, at 14:59, Andrey Rahmatullin <wrar@debian.org> wrote:

On Sun, Sep 11, 2022 at 02:41:24PM +0300, Hakan Bayındır wrote:

On Tue, Sep 06, 2022 at 12:11:38PM +0300, Hakan Bayındır wrote:

While all looks good and feels sound from many aspects, I have some
reservations against treating changelogs as metadata.

Current changelogs as files have a well known place, can be used by anything
and everything, and they are local.

Assuming you are talking about making changelogs available at a dpkg
command, as in the RPM world, it's actually making the way to get a
package changelog more well-known, not less.

If this created the opposite effect in RPM world w.r.t. my theory, then I stand corrected.

It didn't create anything because that was how it worked from the
beginning.
But yes, it's easier to run -q --changelog than write a full file path.

While I manage RPM based systems too, I’m not that familiar with depths of RPM.

Stuffing them behind a command, possibly making them online only in the >>>> process will arguably make system troubleshooting and administration harder,
esp. if the system has connectivity issues.

If something critical breaks, I can boot to recovery and look at the logs >>>> and changelogs of recently updated packages. Having recent-ish changelogs on
the disk arguably accelerates the fixing process.

I don't think removing recent-ish changelogs from the disk is proposed
here.

Again, I may have misread, then. Because what I understood is

Trim changelogs:
1. Convert them to metadata
2. Ship untrimmed part in package DB
3. Get remaining part from network

Effectively eliminating /usr/share/doc/*changelog* files.

Even this isn't "making them online only".

Yes, you’re right. However, my reservation is whether dpkg is more prone to breaking in disaster recovery scenarios. Reading a gzipped file is always simpler than querying a DB via more abstraction.

Cheers,

H.

--
WBR, wRAR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Andrey,

On 6 Sep 2022, at 12:42, Andrey Rahmatullin <wrar@debian.org> wrote:

On Tue, Sep 06, 2022 at 12:11:38PM +0300, Hakan Bayındır wrote:

While all looks good and feels sound from many aspects, I have some
reservations against treating changelogs as metadata.

Current changelogs as files have a well known place, can be used by anything >> and everything, and they are local.

Assuming you are talking about making changelogs available at a dpkg
command, as in the RPM world, it's actually making the way to get a
package changelog more well-known, not less.

If this created the opposite effect in RPM world w.r.t. my theory, then I stand corrected.

Stuffing them behind a command, possibly making them online only in the
process will arguably make system troubleshooting and administration harder, >> esp. if the system has connectivity issues.

If something critical breaks, I can boot to recovery and look at the logs
and changelogs of recently updated packages. Having recent-ish changelogs on >> the disk arguably accelerates the fixing process.

I don't think removing recent-ish changelogs from the disk is proposed
here.

Again, I may have misread, then. Because what I understood is

Trim changelogs:
1. Convert them to metadata
2. Ship untrimmed part in package DB
3. Get remaining part from network

Effectively eliminating /usr/share/doc/*changelog* files.

Thanks for clarifying both,

Cheers,

H.

--
WBR, wRAR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Sep 11, 2022 at 02:41:24PM +0300, Hakan Bayındır wrote:

On Tue, Sep 06, 2022 at 12:11:38PM +0300, Hakan Bayındır wrote:

While all looks good and feels sound from many aspects, I have some
reservations against treating changelogs as metadata.

Current changelogs as files have a well known place, can be used by anything
and everything, and they are local.

Assuming you are talking about making changelogs available at a dpkg command, as in the RPM world, it's actually making the way to get a
package changelog more well-known, not less.

If this created the opposite effect in RPM world w.r.t. my theory, then I stand corrected.

It didn't create anything because that was how it worked from the
beginning.
But yes, it's easier to run -q --changelog than write a full file path.

Stuffing them behind a command, possibly making them online only in the
process will arguably make system troubleshooting and administration harder,
esp. if the system has connectivity issues.

If something critical breaks, I can boot to recovery and look at the logs >> and changelogs of recently updated packages. Having recent-ish changelogs on
the disk arguably accelerates the fixing process.

I don't think removing recent-ish changelogs from the disk is proposed here.

Again, I may have misread, then. Because what I understood is

Trim changelogs:
1. Convert them to metadata
2. Ship untrimmed part in package DB
3. Get remaining part from network

Effectively eliminating /usr/share/doc/*changelog* files.

Even this isn't "making them online only".

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmMdzZctFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh /sEQAJjak/ONW5BFZadJtzCT36FtbQK/eNYxM8C0AGkESWsIxqaxHx5BxD14822f qBIiyUzYr1W7TWy+GUUI/U3kNh+S55J65hCN784Xe/q96KhSFmt/ojDlRfXWd/fj jc3ksidMbl1f5ulBpl1KKbrRRG2fIC4vG/FYJKLFj4lQdgOCrOPC03G/R2EW3blS Og8UR3Iyybzghnw4oP/ED5LPWd8XIk1kN6lt0/ak8HYPc+OI9XjgYs8mbdD7Hoe2 Sd4kuGGA+c3VJOXwkuOv6CSfZ39RrwfmIZGB0JT+GyL0+PrmXBFHFSP19WCCfNgU R9Y4NrUMSvGuNA4qdJxjHQOPa2Pfnp8V3RTBl2U0PcRr1zNfigHKFVCU5n7S1jUA /C+sjJKSMjakK433rKY7JJ82qrgvtPxHw+7ni2hPs0AKoOcHC7FDSitI53wIB3bh cgwyj3s6s/k47RRcibk6zo87G9TeUR3rxPKYqoFT3WibgwGgmG5b1AfmeYNFBN/G VW4vlt4+8NQGtTAi/kg+pz8C/085pp2dsxwd3VRHdyB7/B4WSKru2CMG3RAJAKin G3pMgxLPXJYZ6/qX3Yi/XXgfvMZQHSBFOVxyM6z/hHaBC8K99jgJzT3cIqKGr3F2 2u5ttbDpJqOccUaDn+glHH+ICmsWpnmPA8iZYmnxYQMge8Mz
=XbvS
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Sep 11, 2022 at 03:09:07PM +0300, Hakan Bayındır wrote:

Stuffing them behind a command, possibly making them online only in the >>>> process will arguably make system troubleshooting and administration harder,
esp. if the system has connectivity issues.

If something critical breaks, I can boot to recovery and look at the logs
and changelogs of recently updated packages. Having recent-ish changelogs on
the disk arguably accelerates the fixing process.

I don't think removing recent-ish changelogs from the disk is proposed >>> here.

Again, I may have misread, then. Because what I understood is

Trim changelogs:
1. Convert them to metadata
2. Ship untrimmed part in package DB
3. Get remaining part from network

Effectively eliminating /usr/share/doc/*changelog* files.

Even this isn't "making them online only".

Yes, you’re right. However, my reservation is whether dpkg is more prone to breaking in disaster recovery scenarios. Reading a gzipped file is always simpler than querying a DB via more abstraction.

I assume that cases when your dpkg database is broken and cases when you
need to read changelogs of updated packages shouldn't intersect.

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmMd0IgtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh gIwP/0CG74GEmzqcEEprKStaL/Wrt9HRptrcfimAf/Bd3csU9w58sqJttdKpZogG 1bfab6mCdEGmyOyRkvHzqPQ9t5J2GNKXooZRQY8E4JtscR/mypBrQ26nv2mTphu+ T9A7SaWvfZwEIbFegPWPZ+EF5td1w7EB1G7bpY/S3GwHvrwWhFDGhTzB1eht6jKx 2xR47h8Ah/FFPhmjYEGDAzWDcF2uuRGMWId1kD8pI/aZd7iXcqA8b7lvBfmU+BZM GjD+ctkPSB7lJHT1iGu2tRolmkiDBquBG29+7EWqEs6Lgot+jgOdX+pwJApd3Q8l 2scO2EJwNK3QeKq/4DX50S+b1C6iBXQ3mQXCp7yx+yg7G0dcIc/TCvw4OfKai1TF SbbLPfAJ0NolwpKuG5kJ/779+e9BFgpTn6YVRz8jZtEWfNZrb29W1c2rbnlr4bxC aDSl9DwWWikUfMQISzu7AnCLJ0fOJCAT6DowpGti3eAy+yMP1qW8kwP5CrvB3b1M +LAAwgdieqC71Quzp20MOsXozS/2QXuZfWbQ8AEYdhbO/JBYMTLXYlxKRy+x9lpF gEpskC8ZY73FHVTtFhwQ9rIlPn2WgETEe3F0XIvMm2qLPPNuyjEMC6glV2QG4IYH dNO8mxu3wzG4j161xWdeza1fzZ1N3WhrgxbbelQkS+AvHvyM
=xqL6
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Sep 11, 2022 at 03:09:07PM +0300, Hakan Bayındır wrote:

Yes, you’re right. However, my reservation is whether dpkg is more prone to breaking in disaster recovery scenarios. Reading a gzipped file is always simpler than querying a DB via more abstraction.

Honestly though, the way to track down a regression is to read /var/log/dpkg.log, not changelogs.

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14 Sep 2022, at 10:37, Wouter Verhelst <wouter@debian.org> wrote:

On Sun, Sep 11, 2022 at 03:09:07PM +0300, Hakan Bayındır wrote:

Yes, you’re right. However, my reservation is whether dpkg is more prone to
breaking in disaster recovery scenarios. Reading a gzipped file is always
simpler than querying a DB via more abstraction.

Honestly though, the way to track down a regression is to read /var/log/dpkg.log, not changelogs.

Does /var/log/dpkg.log contain why my VPNs suddenly don’t connect or my daemon behaves differently after the last update? I thought they’re delivered through news and changelogs.

Actually, OpenVPN’s changing defaults are nicely delivered through NEWS and changelogs, so I know why things broke at the first place.

Cheers,

H.

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Hakan Bayındır <hakan@bayindir.org> [220914 03:41]:

On 14 Sep 2022, at 10:37, Wouter Verhelst <wouter@debian.org> wrote:

On Sun, Sep 11, 2022 at 03:09:07PM +0300, Hakan Bayındır wrote:

Yes, you’re right. However, my reservation is whether dpkg is more prone to
breaking in disaster recovery scenarios. Reading a gzipped file is always >> simpler than querying a DB via more abstraction.

Honestly though, the way to track down a regression is to read /var/log/dpkg.log, not changelogs.

Does /var/log/dpkg.log contain why my VPNs suddenly don’t connect or
my daemon behaves differently after the last update? I thought they’re delivered through news and changelogs.

Actually, OpenVPN’s changing defaults are nicely delivered through
NEWS and changelogs, so I know why things broke at the first place.

And the trimmed changelogs are unlikely to alter that at all. The
probability that the change that caused your VPN to break will have been trimmed are close to zero. If it has been trimmed, it means you haven't upgraded in more than two releases, and yes, you will have to get the
untrimmed changelog using apt changelog.

...Marvin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Sep 14, 2022 at 10:40:28AM +0300, Hakan Bayındır wrote:

On 14 Sep 2022, at 10:37, Wouter Verhelst <wouter@debian.org> wrote:

On Sun, Sep 11, 2022 at 03:09:07PM +0300, Hakan Bayındır wrote:

Yes, you’re right. However, my reservation is whether dpkg is more prone to
breaking in disaster recovery scenarios. Reading a gzipped file is always >> simpler than querying a DB via more abstraction.

Honestly though, the way to track down a regression is to read /var/log/dpkg.log, not changelogs.

Does /var/log/dpkg.log contain why my VPNs suddenly don’t connect or my daemon behaves differently after the last update? I thought they’re delivered
through news and changelogs.

They are. And once you know which package is likely to be the culprit,
you can look at changelogs.

But in order to do that, you would have to look at which packages were
upgraded first. That's what dpkg.log helps you with.

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le Tue, Sep 06, 2022 at 07:13:30AM +0200, Gioele Barabucci a écrit :

On 18/08/22 21:18, Gioele Barabucci wrote:

Does anybody have objective objections against activating automatic changelog trimming in binary packages?

Hi,

a couple of weeks since the initial email (thanks everybody for the input), my reading is that there is now consensus in going ahead with the proposed automatic trimming of changelogs.

Count me out. changelog embbed Debian history. The very first entries
are often very important. It is much more convenient to have them as
file you can grep to that as output of some commands that depend
on network availability.

Network access is not universal. There are better way to save diskspace.

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

19 septembre 2022 23:19 "Bill Allombert" <ballombe@debian.org> a écrit:> Le Tue, Sep 06, 2022 at 07:13:30AM +0200, Gioele Barabucci a écrit :> >> On 18/08/22 21:18, Gioele Barabucci wrote:>> Does anybody have objective objections against activating
automatic>> changelog trimming in binary packages?>> >> Hi,>> >> a couple of weeks since the initial email (thanks everybody for the input),>> my reading is that there is now consensus in going ahead with the proposed>> automatic trimming of
changelogs.> > Count me out. changelog embbed Debian history. The very first entries> are often very important.They can be important _in the source package_. I have yet to see binary packagesfor which having access to early debian/changelog entries
matters at all.( debian/NEWS is another story of course, and these are not affected).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)