HyperWiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
en:manual:contrib:packaging_guidelines [2024/02/22 18:05]
throgh 		en:manual:contrib:packaging_guidelines [2024/05/26 12:49] (current)
throgh
Line 42: Line 42:
     * d) If there is an official tarball, however tarballs from the official Debian repositories contain bugfixes. In this case, the official tarballs from Debian should be used by default. (eg. Mutt+NeoMutt bugfixes)     * d) If there is an official tarball, however tarballs from the official Debian repositories contain bugfixes. In this case, the official tarballs from Debian should be used by default. (eg. Mutt+NeoMutt bugfixes)
     * e) If there is an official tarball, however it requires download git submodules to be built from the source. In this case, tarballs from the official Debian repositories is the alternative option.     * e) If there is an official tarball, however it requires download git submodules to be built from the source. In this case, tarballs from the official Debian repositories is the alternative option.
-    * f) If there are no available tarballsIn this case, it should be used in a specific tag or branch from a version control system (VCS) and repackaged with the appropriate suffix (eg. **-bzr** for Bazaar, **-git** for Git, **-hg** for Mercurial and **-svn** for Subversion) until a final version is available. +    * f) If there are no available tarballs anywhere: In this case the software is not to be used finally.
-    * g) If there is not support for GNU/Linux in tarballs, tags or branches. In this case, a master branch from a version control system (VCS) could be used temporarily and repackaged with the appropriate suffix (eg. **-bzr** for Bazaar, **-git** for Git, **-hg** for Mercurial and **-svn** for Subversion) until a final version with GNU/Linux support is available.+
   - **SHA-512**: All packages should use SHA-512 cryptographic hash functions only. Other cryptographic hash functions such as MD5 and SHA-1 should not be used because they are severely compromised. Exceptions are considered:   - **SHA-512**: All packages should use SHA-512 cryptographic hash functions only. Other cryptographic hash functions such as MD5 and SHA-1 should not be used because they are severely compromised. Exceptions are considered:
     * a) If the package is using a version control system (VCS) because it does not contain GNU/Linux support or/and tarballs.     * a) If the package is using a version control system (VCS) because it does not contain GNU/Linux support or/and tarballs.
   - **GPG**: All packages should use signature verification. Exceptions are considered:   - **GPG**: All packages should use signature verification. Exceptions are considered:
     * a) If tarballs do not contain signatures.     * a) If tarballs do not contain signatures.
 +    * b) If the corresponding gpg-key is no longer valid.
   - **Anti-obfuscation**: obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. All obfuscated code will be **rejected** without exceptions.   - **Anti-obfuscation**: obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. All obfuscated code will be **rejected** without exceptions.
 +  - **No GNU/Linux-only software**: As Hyperbola is oriented on UNIX we do not support software only for GNU/Linux. As long as there is no need for a driver or any other framework running Hyperbola GNU/Linux-libre as transition-base towards HyperbolaBSD we will not add the software.