On 2018/12/31 19:01, Antoine Jacoutot wrote: > On Mon, Dec 31, 2018 at 05:45:19PM +0100, Marc Espie wrote: > > Adding more fluff to bsd.port.mk to support this style of code is fairly > > disturbing. > > > > I don't like the github stuff too much, it's somewhat error-prone and there > > is regular traffic on ports-changes proving it. > > > > Adding a SECOND source of problems does not seem like the way to go. > > > > There's also the issue of getting reliable checksum tarballs... especially > > if that ends up involving REQUIRING dependencies just to be able to fetch > > things. That's something we tried to avoid and that is definitely bug-prone. > > > > That will lead, at the least, to quality-issue problems. And possibly to > > actual security issues. > > > > On platforms where it is possible to have release tarballs that don't change > > I would say that's still a much better choice. > > > > I would very much be in favor of people providing hosting services where > > this > > does not exist, and to have an actual FAQ of things to tell upstream so that > > they prepare actual properly tagged releases on platforms such as github. > > That's what the GNOME project is currently doing (GitLab + some ftp space to > fetch tarballs). But if they end up changing and use generated tarballs from > GitLab directly, do not count on me to go see the 100+ different maintainers > of > the GNOME subprojects to ask them to change their policy.
If that happens and the distfiles prove unstable we will need to do *something* though .. and we won't be the only ones, any packagers that check distfiles (either by hashes or by pgp signatures as is more common on Linux) will need stable files to do that. > I am in favor of having suppor for gitlab in bsd.port.mk. Lots of projects are > moving there and again it's very convenient because portroach would be able to > warn you when there are updates available (which could also be security > updates). FWIW PORTROACH=site:<foo> can still be used with mirrored distfiles if that's what we need to do ..
