GitHub Hosted upstream 'Source0'

Kevin Kofler kevin.kofler at chello.at
Wed Feb 16 09:49:27 UTC 2011


BJ Dierkes wrote:
> What would be the thoughts of using that to produce more sane/traditional
> tarbals of upstream GitHub source?

It doesn't fix the third, and main, issue: GitHub-generated tarballs get a 
new checksum each time they're regenerated (because some file dates change). 
This makes them completely unverifiable.

(This also goes for other "generate tarball from tag" services, e.g. 
BitBucket.)

The only reasonable thing to do there is really to have upstream upload a 
real, verifiable tarball (explaining the above issue to them).

        Kevin Kofler



More information about the devel mailing list