Re: Changing of archive packages to git tags

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Hi,

On 10/04/2024 01:24, Aaron Liu wrote:

Ey,
Recently, a bunch of packages such as cowsay have switched to pulling from a git tag away from downloading from the /archive/ path of GitHub. Since downloading GitHub's archives are guaranteed to have the exact same contents as pulling from the tags, with the added benefit of not pulling the .git folder, is there any benefit to this? To my knowledge, the problematic xz tarballs were under the /release/ path as uploaded artifacts, while the /archive/ download remained clean.
Pulling generated archives from GitHub is not stable, there has been one change where it wasn't and reverted. [1] 

In conclusion, it is likely not something we can 100% rely on.
[1] https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux