[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#21784: Old XZ tarballs
From: |
Lasse Collin |
Subject: |
bug#21784: Old XZ tarballs |
Date: |
Sat, 31 Oct 2015 20:29:08 +0200 |
On 2015-10-30 Ludovic Courtès wrote:
> Lasse Collin <address@hidden> skribis:
> > For some reason the old XZ Utils versions are more popular downloads
> > than the latest versions (5.0.8 and 5.2.2). Perhaps I should move
> > the downloads somewhere else to avoid bandwidth quota issues,
>
> Some people move old tarballs to an old/ sub-directory, to make sure
> people do not mistakenly take an old version. I don’t know if that
> would help here?
I don't like to break links intentionally. I know I did exactly that a
few days ago, but it cannot be the long-term solution. The links to old
versions are on a separate page already, so those using a web browser
are unlikely to get an old version by accident.
> > but on the other hand I feel that it's not nice if source-based
> > distributions rely on upstream servers instead of providing their
> > own distro-specific mirrors. If you think this isn't a reasonable
> > wish, feel free to say so.
>
> Guix does automatically mirror tarballs via its “substitute”
> mechanism. However, users can turn it off, in which case they end up
> downloading the tarball from the upstream URL specified in the
> package recipe.
OK. :-) Why would users turn it off though? I would guess that one good
mirror would be more reliable than dozens of upstream sites of which
just one needs to be down to be a problem for a user. A package manager
should know the hash or signature of the file, so from security point
of view it doesn't matter where the file comes.
Note that I have nothing against including the upstream URL in the
build scripts. I just wish that it doesn't cause a *large* number of
users downloading the file from the upstream instead of distro's
mirror. To be fair, xz-5.0.4.tar.gz hasn't been a popular download
(xz-5.0.4.tar.bz2 is somewhat popular though), so I believe Guix users
haven't caused a significant amount of traffic for me. :-)
> > By the way, is there a reason why you use 5.0.4 instead of 5.0.8 (or
> > even 5.2.2)?
>
> No good reason! We’ll upgrade it as soon as this can be done without
> triggering too much rebuild/redownloads for users.
API/ABI is backward compatible so one shouldn't need to rebuild other
packages. There's a mailing list "xz-announce" in case you want a
notification when a new version is released:
<http://tukaani.org/xz/lists.html>
--
Lasse Collin | IRC: Larhzu @ IRCnet & Freenode
- bug#21784: Alternate xz-5.0.4.tar.gz URL, (continued)
- bug#21784: cannot install icecat!, Ludovic Courtès, 2015/10/29
- bug#21784: cannot install icecat!, -=}\\*/{=-, 2015/10/29
- bug#21784: cannot install icecat!, -=}\\*/{=-, 2015/10/29
- bug#21784: cannot install icecat!, -=}\\*/{=-, 2015/10/30
- bug#21784: cannot install icecat!, Efraim Flashner, 2015/10/30
- bug#21784: cannot install icecat!, -=}\\*/{=-, 2015/10/30
- bug#21784: cannot install icecat!, -=}\\*/{=-, 2015/10/30
bug#21784: cannot install icecat!, Lasse Collin, 2015/10/30