On 12/22/2016 3:28 PM, Jason Gunthorpe wrote: > On Thu, Dec 22, 2016 at 01:17:52PM -0500, Doug Ledford wrote: >> On 12/22/2016 12:38 PM, Jason Gunthorpe wrote: >>> On Thu, Dec 22, 2016 at 02:32:07AM -0500, Jarod Wilson wrote: >> >>> Yes.. Somehow libfabric is doing this: >>> >>> https://github.com/ofiwg/libfabric/releases >>> >>> It looks like they produced the .tar.gz by hand and then uploaded it >>> again as an attached release file? >>> >>> Should we do this too, Doug? >> >> I was going to try changing the tag format on the next tag to get the >> desired result. So, instead of v12-rc4 or v12, rdma-core-12-rc4 or just >> rdma-core-12. > > I don't know enough about github to comment.. > > The advantage of the libfabric approach is that the tar.gz is produced > once and never changed so we can provide the SHA2, while I'm not > certain the github .tar.gz link is bit-for-bit content-stable? Yeah, but the SHA hash of the git repo is, for all intents and purposes, just as valid as a SHA for the tarball. It's just verified in a different way. I can certainly see the benefit of the libfabric approach for keeping the status quo happy though. -- Doug Ledford <dledford@xxxxxxxxxx> GPG Key ID: B826A3330E572FDD Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
Attachment:
signature.asc
Description: OpenPGP digital signature