On Sat, Feb 2, 2013 at 6:44 AM, Vaeth <va...@mathematik.uni-wuerzburg.de> wrote: > I just ask that Gentoo should not *hinder* the user in installing/ > maintaining a package later by removing the tarballs (and possibly > patches) which once were available.
So, I can see the validity of this argument insofar as it applies to Gentoo-generated tarballs and such, like patchsets. These tend to be hosted on dev webpages and such, and as a result they don't get any kind of version control like files in cvs do. Code that Gentoo creates should in general be revision-controlled. Another class of code is distfile tarballs that we create. Some packages have these because upstream does not have reliable source tarball hosting. Maybe they only host binaries and an scm that does not generate tarballs on demand. So, sometimes devs have to create source tarballs and host them somewhere, and these also do not get revision-controlled. I'm a bit torn on these because they are in fact large files and they're only marginally Gentoo-created, but they probably could never be recreated with a matching hash. If for whatever reason space was no object and we did revision-control these files we would need a mechanism to obliterate them entirely (or at least block access) should a licensing issue be discovered. Patches are something we could probably claim copyright or fair use over, but entire source tarballs clearly require a license to redistribute. I do have to agree with the earlier comment that Gentoo isn't a software archiving service. I think we SHOULD archive the stuff we create - if somebody wants to work on a better way of hosting patches this is something Gentoo should support (via infra/etc), but of course somebody has to step up and actually do that work, and it isn't reasonable to ask treecleaners/QA/etc to leave things with broken SRC_URIs in the tree until this is done. Broken SRC_URIs generate logspam and no doubt headaches in general for those who graciously maintain our mirrors. As far as upstream tarballs go - if somebody wants to archive them by all means do so, and patches for broken SRC_URIs that point to these patches should be consider welcome provided the package has no other serious flaws. However, maintaining an archive of tarballs for anything we EVER packaged sounds like a lot of work, and not a small amount of space/bandwidth/etc as well. Do we archive everything just in case? Do we periodically scan stuff in our attic in case a package we already removed has its sources disappear (and what do we even do then since we don't mirror removed pacakges)? Why bother trying to archive some distfiles if we don't archive all of them? This just sounds like a big mess, and not really our core mission. Rich
