Am 06.09.2014, 10:24 Uhr, schrieb Takeshi Enomoto via dmd-beta
<[email protected]>:
Dear DMD developers,
Thank you for developing DMD.
I maintain dmd and related packages of MacPorts.
We noticed a few updates to v2.066.0 of dmd, druntime and phobos
without changing their tags in the git repository (releases).
<https://github.com/D-Programming-Language/dmd/releases>
We call such updates `stealth updates'.
The checksums are verified to make sure that the correct source code
have been downloaded by MacPorts' port command.
The checksums are written in the package description file, called
Portfile.
We need to special treatment for stealth updates.
<https://trac.macports.org/wiki/PortfileRecipes#stealth-updates>
From the viewpoint of package maintainer,
stealth updates are not a good idea.
I understand that the changes are for bug fixes or enhancement.
But if so a new version number (e.g. v2.066.1 or v2.066.0.1)
or a tag should be given to the commit.
I appreciate if you discussed my suggestion among the developers and
considered adopting it.
Regards,
Takeshi
Hello Takeshi,
I am a package maintainer for Gentoo so I know the issue from both closed
and open source projects, like Google Earth or OpenXCom, which happened to
modify their uploaded releases. Did this also happen to the "official"
all-systems .zip in the download section of dlang.org? That's the one I
use, because D's inventors have expressed the wish to keep track of the
download count to roughly estimate the user base, which they can't with
GitHub I think.
Otherwise I think it is understood that bug fix releases should receive an
incremented version number as it happened in the past.
And to add to your concerns: Once a user (e.g. we package maintainers)
have downloaded a source package and the checksums got calculated, there
is no system that periodically checks if the source on the internet didn't
change in the mean time. As a result package maintainers learn about that
by people who try the new package for the first time and find the package
manager complaining about incorrect checksums.
I'm going to check my dmd package now as well, just to be sure.
Fortunately both MacPorts and the ebuild system allow revisions
independently of the original software's version number, so it is easy to
bump that for a changed source bundle. Thanks for the hint!
Best regards,
Marco
_______________________________________________
dmd-beta mailing list
[email protected]
http://lists.puremagic.com/mailman/listinfo/dmd-beta
