On 2021-03-01 at 18:15:29, Junio C Hamano wrote: > "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > > > The output of 'git archive' is guaranteed to be the same across > > versions of git, but the archive itself is not guaranteed to be > > bit-for-bit identical. > > I do not quite get this; your original was clearer. What does it > mean to "be the same across versions of git but not identical" at > the same time? If output from Git version 1.0 and 2.0 are guranteed > to be the same across versions, what more is there for the readers > to worry about the format stability? > > Perhaps you meant > > ... is guaranteed to be the same for any given version of > Git across ports. > > or something? It would allow kernel.org's use of "Konstantin tells > kernel.org users to use Git version X to run 'git archive' and > create detached signature on the output, and upload only the > signature. The site uses the same Git version X to run 'git > archive' to create a tarball and the detached signature magically > matches, as the output on two places are bit-for-bit identical". I think what I had intended was that Git produces deterministic output, but I don't actually think that's true across ports. If someone uses a different version of zlib on a different OS, the output may differ. I'll rephrase to avoid giving a misleading impression. > > The output of 'git archive' has changed > > in the past, and most likely will in the future. > > That is correct as a statement of fact. I feel that saying it is > either redundant and insufficient at the same time. If we want to > tell them "do not depend on the output being bit-for-bit identical", > we should say it more explicitly after this sentence, I would think. I agree we should explicitly say that. -- brian m. carlson (he/him or they/them) Houston, Texas, US
Attachment:
signature.asc
Description: PGP signature