[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content has

From: Jan Nieuwenhuizen
Subject: bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail
Date: Mon, 02 Oct 2017 22:22:33 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Ludovic Courtès writes:

> Right.  Jan suggested checking the content-addressed mirrors *before*
> the real upstream address.  That would address the problem of upstream
> sources modified in-place, but at the cost of privacy/self-sufficiency
> as you note.  (Though it’s not really making “privacy” any worse in this
> case: it’s gnu.org vs. github.com.)

Yes, that may not preferrable in general without override.

> Perhaps we should make content-addressed mirrors configurable in a way
> that’s orthogonal to derivations, something similar in spirit to
> --substitute-urls?  The difficulty is that content-addressed mirrors are
> not just URLs; see (guix download).

Hmm.  I'm not sure what problem we are solving.  Should we only do this
for github(-like) tarballs?  Do we see this problem with other sources,
should we prevent it?  Possibly github will never do something like this
again.  Or we could banish github/gitlab(?) auto-generated tarballs and
go for git checkouts+commits?


Jan Nieuwenhuizen <address@hidden> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

reply via email to

[Prev in Thread] Current Thread [Next in Thread]