Re: What to do about github (dynamic) downloads

To: John Klos <john%ziaspace.com@localhost>
Subject: Re: What to do about github (dynamic) downloads
From: "Johnny C. Lam" <jlam%NetBSD.org@localhost>
Date: Mon, 7 Aug 2017 21:41:07 +0000

On Mon, Aug 07, 2017 at 08:15:06PM +0000, John Klos wrote:
> It seems that some pkgsrc packages use github for some distfiles (via
> codeload.github.com).
> 
> It appears that github generates these on the fly and has decided to change
> their method, seemingly arbitrarily, which makes checksums fail.
> 
> In the case of wip/bitcoin, the untargzipped files match the original
> repository on which the checksums were calculated, according to mtree, but
> the size of the file is now off by four bytes. The files from the actual
> Bitcoin project haven't been touched since November.
> 
> Should it be decided, whether by concensus or a decision by pkgsrc-pmc, that
> NetBSD should avoid services such as github which do this kind of dynamic
> packaging?

If the package maintainer that creates a package that uses a GitHub
as a distribution site also uploads a copy of the tarball to
ftp.netbsd.org, will that be sufficient?  Fetching should fall
through to the next site if the checksum fails, right?
-- 
Johnny C. Lam
jlam%NetBSD.org@localhost

Follow-Ups:
- Re: What to do about github (dynamic) downloads
  - From: Greg Troxel

References:
- What to do about github (dynamic) downloads
  - From: John Klos

Prev by Date: What to do about github (dynamic) downloads
Next by Date: Re: What to do about github (dynamic) downloads
Previous by Thread: What to do about github (dynamic) downloads
Next by Thread: Re: What to do about github (dynamic) downloads
Indexes:

Home | Main Index | Thread Index | Old Index