On 15-11-18, Eli Schwartz via aur-general wrote: > On 11/14/18 11:50 PM, Daniel M. Capella via aur-general wrote: > > Quoting Levente Polyak via aur-general (2018-11-14 17:00:38) > >> - tests are awesome <3 run them whenever possible! more is better! > >> pulling sources from github is favorable when you get free tests > >> and sometimes manpages/docs > > > > Will work with the upstreams to distribute these. I prefer to use published > > offerings as they are what the authors intend to be used. GitHub > > autogenerated > > tarballs are also subject to change: > > https://marc.info/?l=openbsd-ports&m=151973450514279&w=2 > > I've seen the occasional *claim* that this happens, but I've yet to see > any actual case where this happens and it isn't because of upstream > force-pushing a tag.
See https://bugs.archlinux.org/task/60382 for an example. I still had the old archive around so I spent some time comparing it with the new one: - I compared the checksum of each individual file in the archives, and they were all identical - I compared the raw tar files after decompressing, and there were just a few bytes that were moved around This really suggests a slight format change in the way the tarball was generated (could be file ordering). If you want to double check, here they are: - old archive from May 2017: https://files.polyno.me/arch/kashmir-20150805-20170525.tar.gz - new archive: https://files.polyno.me/arch/kashmir-20150805.tar.gz Baptiste
signature.asc
Description: PGP signature
