Revert "manual: Add notes about GitHub and hashes"

Message ID 1445181974-19619-1-git-send-email-s.martin49@gmail.com
State Accepted

Commit Message

Samuel Martin Oct. 18, 2015, 3:26 p.m. UTC
This note is no longer needed, so remove it.

Tarballs generated by GitHub are always the same, so hashes can be
checked.

This reverts commit 9474cc2594c8643301164500ce6eb62546da2b8f.

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
---
 docs/manual/adding-packages-directory.txt | 7 -------
 1 file changed, 7 deletions(-)

Comments

Maxime Hadjinlian Oct. 18, 2015, 3:32 p.m. UTC | #1
Hi Samuel, all

On Sun, Oct 18, 2015 at 5:26 PM, Samuel Martin <s.martin49@gmail.com> wrote:

> This note is no longer needed, so remove it.
>
> Tarballs generated by GitHub are always the same, so hashes can be
> checked.
>
> This reverts commit 9474cc2594c8643301164500ce6eb62546da2b8f.
>
> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
> Signed-off-by: Samuel Martin <s.martin49@gmail.com>
> ---
>  docs/manual/adding-packages-directory.txt | 7 -------
>  1 file changed, 7 deletions(-)
>
> diff --git a/docs/manual/adding-packages-directory.txt
> b/docs/manual/adding-packages-directory.txt
> index b66e447..8745c41 100644
> --- a/docs/manual/adding-packages-directory.txt
> +++ b/docs/manual/adding-packages-directory.txt
> @@ -449,13 +449,6 @@ strong hash yourself (preferably +sha256+, but not
> +md5+), and mention
>  this in a comment line above the hashes.
>
>  .Note
> -If +libfoo+ is from GitHub (see xref:github-download-url[] for details),
> we
> -can only accept a +.hash+ file if the package is a released (e.g. uploaded
> -by the maintainer) tarball. Otherwise, the automatically generated tarball
> -may change over time, and thus its hashes may be different each time it is
> -downloaded, causing a +.hash+ mismatch for that tarball.
> -
> -.Note
>  The number of spaces does not matter, so one can use spaces (or tabs) to
>  properly align the different fields.
>
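
Review bot: The deletion covers only the GitHub `.Note` in this hunk, and the diffstat shows 7 deletions in a single file, so any other text in the manual that ties GitHub downloads to unverifiable hashes stays in place and now contradicts the commit message. Before this is applied, search docs/manual for remaining GitHub-specific hash guidance (the reply below points at the sentence about the 'none' hash type) and remove it in this same patch.
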
> --
> 2.6.1
>
I am all in favor of this, just a quick question:

Should we wait for FOSDEM, where we said that if there was not any problem we
would simply add all the missing hashes for GitHub packages? Or do we go back
on what we said and do it now?
And so, should we apply this now, or wait a bit?

Samuel: There's a sentence two lines lower that references the fact that
the 'none' type for the hashes is useful for GitHub; it should go too
(haven't checked if there's more, but I don't think so).

Thomas Petazzoni Oct. 18, 2015, 4 p.m. UTC | #2
Dear Samuel Martin,

On Sun, 18 Oct 2015 17:26:14 +0200, Samuel Martin wrote:
> This note is no longer needed, so remove it.
> 
> Tarballs generated by GitHub are always the same, so hashes can be
> checked.
> 
> This reverts commit 9474cc2594c8643301164500ce6eb62546da2b8f.
> 
> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
> Signed-off-by: Samuel Martin <s.martin49@gmail.com>
> ---
>  docs/manual/adding-packages-directory.txt | 7 -------
>  1 file changed, 7 deletions(-)

Applied after fixing two places where the "none" hash type was referred
to as being useful for GitHub downloads.

Thanks,

Thomas

Thomas Petazzoni Oct. 18, 2015, 4:02 p.m. UTC | #3
Dear Maxime Hadjinlian,

On Sun, 18 Oct 2015 17:32:23 +0200, Maxime Hadjinlian wrote:

> Should we wait FOSDEM where we said that if there was not any problem we
> would simply add all the missing hashes for GitHub packages ? Or we go back
> on what we said and we do it now ?
> And so, should we apply this now, or wait a bit ?

We are now requesting people adding new packages fetched from GitHub to
use the hash file, so our documentation should reflect that.

Adding "all" the missing hashes is not necessarily something we have to
do right now. We can wait to gain a bit of knowledge/experience using
the hashes on newly added packages (or existing packages when they are
bumped), and if it continues to work fine, we'll add all hashes at some
point in the future.

I.e., please don't send a 200-patch series adding hashes for all
GitHub-downloaded packages.

Thanks!

Thomas

Patch

diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt
index b66e447..8745c41 100644
--- a/docs/manual/adding-packages-directory.txt
+++ b/docs/manual/adding-packages-directory.txt
@@ -449,13 +449,6 @@  strong hash yourself (preferably +sha256+, but not +md5+), and mention
 this in a comment line above the hashes.
 
 .Note
-If +libfoo+ is from GitHub (see xref:github-download-url[] for details), we
-can only accept a +.hash+ file if the package is a released (e.g. uploaded
-by the maintainer) tarball. Otherwise, the automatically generated tarball
-may change over time, and thus its hashes may be different each time it is
-downloaded, causing a +.hash+ mismatch for that tarball.
-
-.Note
 The number of spaces does not matter, so one can use spaces (or tabs) to
 properly align the different fields.
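
Review bot: Removing the GitHub note (old lines 452-456) leaves the manual with no statement at all about `.hash` files for GitHub-fetched packages, while the justification ("Tarballs generated by GitHub are always the same") exists only in the commit message. Consider replacing the note rather than only deleting it, with one sentence stating that a +.hash+ file is expected for packages fetched from GitHub, so that a later hash mismatch on such a tarball is read as an integrity failure to investigate and not as the expected behaviour the old note described. The commit message would also benefit from saying what the "always the same" observation is based on.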