On 09/19/2016 10:00 AM, Chí-Thanh Christopher Nguyễn wrote: > Kristian Fiskerstrand schrieb: >>> Why are those ebuilds not live? If upstream doesn't do real releases and >>> can't even be bothered to tag the commit that marks a release, then why >>> are you (or someone else) doing all this work? The snapshot scripts >>> could be replaced by a live ebuild and upstream can handle bugs as they >>> come since they can't be bothered to version their software. >> >> I would expect because live ebuilds can't be keyworded, so snapshot is >> the correct way to do it. > > I think the rule of not keywording live ebuilds originally applied only > to those who fetch git/svn/cvs head. > If a live ebuild fetches a particular revision, then the disadvantage is > still that it can't be mirrored (hence a snapshot is preferable from > user POV), but other than that it can be tested fine.
Or a release CD / any offline system, or verifying OpenPGP signature of the distributed tarball, or... -- Kristian Fiskerstrand OpenPGP certificate reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature
