On Wed, Sep 2, 2020 at 5:29 AM Martin Jansa <[email protected]> wrote: > > On Wed, Sep 02, 2020 at 02:25:10PM +0200, Diego Rondini wrote: > > Hi, > > > > On Wed, Aug 26, 2020 at 9:16 AM Diego Rondini > > <[email protected]> wrote: > > > > > > Hi Khem, > > > > > > On Tue, Aug 25, 2020 at 8:40 PM Khem Raj <[email protected]> wrote: > > > > > > > > On Tue, Aug 25, 2020 at 10:59 AM Martin Jansa <[email protected]> > > > > wrote: > > > > > > > > > > OK, I've overlooked that it's from gitlab, but are you sure that > > > > > gitlab archives aren't re-generated from time to time like the github > > > > > archives are? > > > > > > > > > > Or are you sure that https://gitlab.com/libeigen/eigen/-/releases are > > > > > developer uploaded archives? It looks like gitlab creates them > > > > > automatically: > > > > > https://docs.gitlab.com/ee/user/project/releases/ > > > > > like github does with tag archives. > > > > > > > > > > > > > while it fixes the issue it is trying to fix, it would be better to > > > > fix the non-deterministic archive issue as well while here, I dont > > > > know if gitlab's archiving is reproducible perhaps a question for > > > > gitlab, but it would be ok to switch to using git fetcher to avoid > > > > that suspicion. What do you think? > > > > > > I've posted the question, so we get an answer for all the other gitlab > > > projects that are out there: > > > https://forum.gitlab.com/t/gitlab-release-tarball-stability/41888 > > > > > > Let's see what the answer is. > > > > So we have an initial answer: > > https://forum.gitlab.com/t/gitlab-release-tarball-stability/41888/3?u=diegorondini > > > > The summary is: tarballs can be regenerated, but they are regenerated > > identical by git archive according to the manual. > > The use of git archive in the source code is not guaranteed in the > > future as at the moment there is no immutability test in the gitaly > > service. > > > > Martin, Khem, what do you suggest to do? > > I would you git fetcher to be safe, like we already do for github > archives. > > Extending the QA check to cover gitlab would be for bonus points :). >
I would agree. > Thanks > > > > Regards, > > Diego Rondini > > Sr. Embedded Engineer > > > > Kynetics > > www.kynetics.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#86809): https://lists.openembedded.org/g/openembedded-devel/message/86809 Mute This Topic: https://lists.openembedded.org/mt/76409333/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
