[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: github tarballs problematic?

From: Ludovic Courtès
Subject: Re: github tarballs problematic?
Date: Fri, 09 Jun 2017 15:53:25 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hi ng0,

ng0 <address@hidden> skribis:

> I've just come across this post via
> quote in almost full:
> today, I've accidentally attested there are no stability guarantees with the 
> on-demand archives from common git hosting sites when preparing a new 
> pacemaker update, redownloading "spectool -s 0 pacemaker.spec" of the 
> original (-0.1.rc1, from 2 weeks ago) spec and comparing the hashes, which 
> (surprisingly to me) didn't match (they were at any similar test in the 
> past). Then I looked at the adiff output:
> ...
>  diff -ru Unpack-2241/pacemaker-Pacemaker-1.1.17-rc1/
> Unpack-6255/pacemaker-Pacemaker-1.1.17-rc1/
>  --- Unpack-2241/pacemaker-Pacemaker-1.1.17-rc1/configure.ac2017-05-09 
> 00:55:15.000000000
> +0200
>  +++ Unpack-6255/pacemaker-Pacemaker-1.1.17-rc1/configure.ac2017-05-09 
> 00:55:15.000000000
> +0200
>  @@ -1159,7 +1159,7 @@
>   AC_PATH_PROGS(GIT, git false)
>   AC_MSG_CHECKING(build version)
>  -BUILD_VERSION=0459f40
>  +BUILD_VERSION=0459f40958
>   if test  != ":%h$"; then
>      AC_MSG_RESULT(archive hash: ) 
> for that indeed has export-subst git attribute set and the 
> change itself arises from "$Format:%h$" substitution. This likely means 
> GitHub was internally updated to use equivalent of git 2.11 feature of 
> abbreviation length autoscaling within last 14 days. Hope this will be useful 
> for some (e.g. fedora-review tool has a check to redownload and diff sources 
> against SRPM content, IIRC).

Interesting.  IIUC this only affects projects that use this
“$Format:%h$” feature, right?  I wonder how widespread it is.

Thanks for the heads-up,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]