[Dev] FWD: [openbsd-ports] Porters, please read re GitHub auto-generated tarballs vs releases

Luke Shumaker lukeshu at lukeshu.com
Fri Mar 2 21:18:01 GMT 2018


On 2018-02-27 at 12:28:07
Stuart Henderson wrote:
> Many ports are using github's on-the-fly generated source-code tarballs
> via the GH_ variables in Makefiles.
> 
> These are *not* guaranteed to be stable, they can change as github
> update software and caches expire (this has happened at some point over
> the last few months so we have been seeing a number of hash failures
> recently). Due to local caches at the github clusters, these files
> can be different depending on which cluster you're connecting to,
> so if you regenerate distinfo to match the file which you see
> locally, it may cause breakage elsewhere in the world.

That's a bummer. Around 2011, the auto-generated tarballs were really
not stable; it would just about never give you the same file
twice. Since then (2014-ish, maybe?), they had changed their
implementation, and it started consistently giving the same file,
to different parts of the world (i.e., probably hitting different
clusters), for years.  I had assumed that meant GitHub had committed
to keeping them stable, and we started allowing them in Parabola.

It's a bummer that in the last few months they've apparently started
breaking that.

Though I wonder if that's intentional/allowed, or if it's really just
a bug in GitHub.

> :   "It is not meant to be reliable or a way to distribute software
> :   releases and nothing in the software stack is made to try to
> :   produce consistent archives."

I can't seem to find a source for that quote.

-- 
Happy hacking,
~ Luke Shumaker
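
Added example, not part of the original message and not OpenBSD or Parabola tooling: a way to triage the checksum failures discussed above by telling a re-generated archive of the same tree apart from one whose contents changed. It assumes the instability comes from the archive being re-packed with different compression settings; the sample tree, `make_archive`, `tree_digest` and `compare` are constructed for illustration.

```python
import gzip, hashlib, io, tarfile

# Constructed sample tree standing in for a tagged release (not real project files).
TREE = {"proj-1.0/README": b"hello\n",
        "proj-1.0/src/main.c": b"int main(void){return 0;}\n"}

def make_archive(tree, level, gz_mtime):
    """Pack `tree` as .tar.gz; level/gz_mtime model a changed server-side generator (assumption)."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name in sorted(tree):
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(tree[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", compresslevel=level, mtime=gz_mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def archive_sha256(blob):
    """What a distinfo-style checksum pins: the compressed bytes exactly as served."""
    return hashlib.sha256(blob).hexdigest()

def tree_digest(blob):
    """Digest of the unpacked content only: path, type, mode and file bytes."""
    h = hashlib.sha256()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in sorted(tar.getmembers(), key=lambda m: m.name):
            data = tar.extractfile(m).read() if m.isfile() else b""
            h.update(f"{m.name}\0{m.type!r}\0{m.mode:o}\0{len(data)}\0".encode())
            h.update(data)
    return h.hexdigest()

def compare(a, b):
    """Classify two archives: 'identical', 'repacked' (same tree) or 'content-changed'."""
    if archive_sha256(a) == archive_sha256(b):
        return "identical"
    return "repacked" if tree_digest(a) == tree_digest(b) else "content-changed"

if __name__ == "__main__":
    pinned = make_archive(TREE, 6, 0)             # archive the checksum was recorded from
    fetched = make_archive(TREE, 9, 1519732087)   # same tree, different gzip settings
    print(compare(pinned, fetched))
```

A "repacked" result means the mismatch is packaging noise; "content-changed" means the source itself differs and needs review before any checksum is regenerated.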


