On Wed, Jun 24, 2015 at 11:02:07AM -0700, Gerald B. Cox wrote:
On Wed, Jun 24, 2015 at 12:32 AM, Pierre-Yves Chibon
<pingou(a)pingoured.fr>
wrote:
That is a valid point, but we can reverse the problem:
We can't do anything about upstreams that re-generate multiple times the
archive
for the same release, but with the current guidelines we can do
something about
the upstreams that are moving tags around.
That sounds to me like a good reason to do so.
...
The only counter-argument I can think of right now is the frequency at
which the
abuse occurs on github.
In my experience, it is much more frequent.
Thanks again for taking the time to reply! A
That is a good point, and I agree.A We should always strive to fix things
if we can.
My concern is the practical effect of implementing a guideline that says
you mustA
always use commit hash when packaging source from Git repositories; but if
the Project
takes that same archive and uploads it to some URL, that it is now somehow
magically golden.
That just strikes me as a bit capricious.
I was a bit surprised at first with the frequency you believe this is
happening with Git;A
but I can believe there are many people playing around, experimenting and
learning
about Git; and these people can make mistakes mainly because they haven't
RTFM; but
I don't think we should be concerned about those particular repositories.
The ones we are concerned about are the ones that we would want to
package; and I really
find it hard to imagine that someone would advance so far in developing
something
we would want to package, yet has a remained completely ignorant on how to
properly
use their VCS.
I think this is the core of our disagreement, many of the project we package are
doing this. Ask Remi, he maintains several hundreds of packages and he can
testify that this behavior is occurring also for projects that are packaged in
Fedora and in other distributions.
The fact that you find it hard to imagine is unfortunately not correlated with
the fact that it occurs, also for projects we (as in Fedora) are interested in.
Pierre