tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: What to do about github (dynamic) downloads
On 08/07, John Klos wrote:
> It seems that some pkgsrc packages use github for some distfiles
> (via codeload.github.com).
>
> It appears that github generates these on the fly and has decided to
> change their method, seemingly arbitrarily, which makes checksums
> fail.
>
> In the case of wip/bitcoin, the untargzipped files match the
> original repository on which the checksums were calculated,
> according to mtree, but the size of the file is now off by four
> bytes. The files from the actual Bitcoin project haven't been
> touched since November.
>
> Should it be decided, whether by concensus or a decision by
> pkgsrc-pmc, that NetBSD should avoid services such as github which
> do this kind of dynamic packaging?
There are probably at least two kinds of downloads available from
GitHub, then. (There may be more; I don't know.) I don't know anything
about this dynamic packaging via codeload.github.com, but I do know that
GitHub has the concept of a "release" for which the project owner can
provide links to binary files. See:
https://help.github.com/articles/about-releases/
Google's Protobuf project, for example, uses this:
https://github.com/google/protobuf/releases
There's a "Downloads" section for each release which contains links to
many binary files (e.g., .tar.gz, .zip). I'm 99% sure these are not
dynamically generated on the fly; they're just binary files available
for download.
So, if there would be any avoidance policy, I think it should be at a
finer-grained level than the service level. In other words, binary
files associated with a GitHub release should be fine. They are
different from whatever these dynamically generated archives are from
codeload.github.com.
Regards,
Lewis
Home |
Main Index |
Thread Index |
Old Index