kevin added a new comment to an issue you are following:
``
I'm not sure a is really significantly worse than what we have
now — someone can replace a versioned tarball without changing the version, too, right?
(And I've seen it happen.)
Sure, but:
* We would be depending on remote sites to be up and reachable to do builds.
* If we built against git hash deadbeef and want to reproduce it or just see what exactly
was in it, remote could have re-written history so it's now different. If we made or
used a tar.gz that we control we could diff the two to see what was changed.
* If history gets re-written all our hashes against the remote repo are now wrong and we
have no idea what was built against what and can't reproduce them.
* Some projects go away, along with their git repos, so now we have no idea what we built
and can't build it again.
I'm sure I could go on. ;)
But that said, I think there are other advantages to b, too: it
could solve the network access issue, and there's a lot of great stuff we could do
with our own local repos.
Possibly yeah, thats why I said depends on advantages.
there was a long thread about this at least twice that I recall. Once when we were moving
from cvs to git and some folks wanted expoded source too, and another time a number of
years later where people wanted that again... but I don't think it ever got to a high
enough yummy to trouble ratio to do.
``
To reply, visit the link below or just reply to this email
https://pagure.io/releng/issue/7498