On 01/11, Sébastien Luttringer wrote:
On Sun, 2016-10-30 at 22:47 -0400, Dave Reisner wrote:On Mon, Oct 31, 2016 at 03:23:48AM +0100, Sébastien Luttringer wrote: > On Sun, 2016-10-30 at 20:55 -0400, Dave Reisner wrote: > As I use a transparent http cache at home (2Mb/s bandwidth), so far I only > added the signature, and not the https as it breaks the cache.This doesn't seem to hold much weight. You're duplicating the source tarball now, as it exists (on disk?) in your http cache and in makepkg's SRCDEST. I'm not sure I see the benefit to doing this, particularly since the caching in SRCDEST is entirely agnostic to the protocol used to fetch it.Over the time, I found a problem using $SRCDEST; it doesn't check if upstream sources have been modified since. I've been tricked few times, releasing packages with my local tarballs and not the one available to others. Maybe it's something which can be improved directly in makepkg.
Mmm, it probably should check if it's been modified, and if so, complain loudly.
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
signature.asc
Description: PGP signature
