[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [groff] mom: blockquotes lose indent across page breaks

From: Ingo Schwarze
Subject: Re: [groff] mom: blockquotes lose indent across page breaks
Date: Tue, 18 Dec 2018 03:47:18 +0100
User-agent: Mutt/1.8.0 (2017-02-23)

Hi Peter,

Peter Schaffter wrote on Mon, Dec 17, 2018 at 08:55:04PM -0500:

> I've updated mom-2.4.tar.gz on mom's website,

Never change tarballs after they are released.
That causes bad trouble to downstream packagers:
On first sight, it looks like your website was hacked and the tarball
trojaned by an attacker because downstream packagers typically
keep checksums of distfiles.

So changing a tarball after the fact at the very least forces all
downstream packagers to manually investigate whether the change was
intentional and legitimate or an error or even malicious.

Even if they figure out it was intentioanl and legitimate, time
was wasted figuring that out.  And then they are in a fix regarding
how to name their updated package for their users.  They *have* to
bump it somehow or package mangers on end user systems cannot know
that they have to update the package on the user's system.  So if you
do not bump upstream, the packager is kind of forced to bump the
packaging version - but that is misleading to users: it looks as if
the packager merely improved something in the way the software is
packaged, while the bump is actually an upstream bug fix - in fact,
a bugfix considered so important that essentially, a new release
was made just to fix that one bug.

If you make release, don't try to keep it secret.

If downstream packagers are less careful, they will possibly never
pick up the fix because the version number didn't change, so they
have no indication anything was wrong, and they will happily
continue to ship the buggy version to their users.

When updating a tarball, always bump the version number.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]