Translation(s): none

Theory

The source of a package often consists of three files: a .orig.tar.gz, a .dsc and a .diff.gz, except in the case of software made specifically for Debian (also called native packages), in which no .diff.gz file exists and .tar.gz file usually won't have "orig" in the name.

The .orig.tar.gz file consists of the source code of the program as the original author developed it, or as close to that as possible. No Debian-specific changes are done to it. Of course sometimes it's impossible to keep the original tarball exactly as its authors delivered it for various different reasons:

The .diff.gz files includes all the changes made specifically for Debian, including all the files related to the packaging (which always go into the debian/ directory once applied). The format of this file is a gzip'ed difference file (a patch) between the original tarball and the final source we'll need to create the packages. The diff.gz file won't be able to handle differences between binary files, because of the options used to create it, so if any binary file needs to be changed in the original code to create the packages (typically graphical .png or .jpg image files, for example), the maintainer has to find a workaround for that.

The .dsc file is a short text file that handles some information about the source package, its name and version, the name of its maintainers, the dependencies needed for creating the binary packages from it, the rest of the files that are part of the package source and its hash representation. As the .dsc file is almost always digitally signed, it can be guaranteed that neither this file nor the rest of the files that make the source of the packages have been modified by a third party.