On 05/01/2012 02:24 AM, Sylvain Le Gall wrote:
Hi,
2012/4/30 Adrien <camarade...@gmail.com <mailto:camarade...@gmail.com>>
Hi,
On 30/04/2012, Sylvain Le Gall <sylv...@le-gall.net
<mailto:sylv...@le-gall.net>> wrote:
> Hi,
>
> 2012/4/30 Markus Mottl <markus.mo...@gmail.com
<mailto:markus.mo...@gmail.com>>
>
>> Hi,
>>
>> is it advisable to create Godi packages that check out a labeled
>> version from a version control system rather than download tarballs?
>> E.g. if I want to make a new release, I'd ideally just want to
update
>> the version number in the Godi-Makefile rather than having to
create a
>> tarball, upload it to some website, get its size and sha1sum, and
>> finally add this information to Godi. One downside would likely be
>> somewhat diminished security, since the sha1sum and size may not be
>> stable (the VC might use updated archive and compression tools
to send
>> you a tarball).
>>
>> Any ideas whether it's worthwhile for me to go into that
direction, or
>> should I better stick to the old & trusted but more cumbersome way?
>>
>
> Well, it will make GODI depends on git/hg/darcs/svn/whatever,
which will
> imply increased complexity. You also have to think of other packagers
> (Debian/Fedora/Mageia) that will have the same problem. And so
on and so
> forth.
>
> I tend to think that distributing source code directly from VCS
checkout is
> not a good idea -- it seems convenient at first glance but breaks
a lot of
> convention.
On the opposite, I've found it pretty convenient for development with
lablgtk2. But as an option and not a dedicated package which would
probably be overkill.
It'd be nice to be able to do that for each package and it's still
manageable for ocaml stuff (but it'll only get more and more complex).
A very basic stuff that you don't get with a VCS checkout, is the
generated file that you create in your predist (for darcs).
E.g. :
- configure generated from configure.ac <http://configure.ac> using autoconf
- setup.ml <http://setup.ml> generated from _oasis using oasis.
So either you check both of them into VCS which will make them suitable
for a checkout that reproduce exactly the same situation, BUT will make
people complain of checking in generated files. Or you create a branch
with generated files + tag (possible in some VCS like git) but will
implies understanding branches and creating a branches per release (not
that bad).
Indeed, the release branch looks like the correct way to use a VCS.
Other argument: it is highly probable that in 5 years a bunch of new VCS
will have appeared and a another bunch get deprecated -- whereas I can
bet that 'tar', 'gzip' and 'wget' will still be around and still working
as expected... And it will probably have been backed up by web archive.
Try to download something from
http://web.archive.org/web/20070629215321/http://www.ocaml.info/home/ocaml_sources.html#toc14
and after that try http://wayback.archive.org/web/*/http://github.com --
just for fun. I think that a tarball is a reasonnable intermediate
options to establish a token of exchange between upstream dev and
packager (i.e. a language that is understood by everyone).
But as a packager, I fear the "pandora box" effect, you start by
thinking that distributing through VCS is great and then people stop
tagging their release and say "use HEAD"
It should be forbidden by the system to use HEAD as a release number.
Most people know HEAD is a moving thing and software should be
distributed after being tagged for reproducibility reasons.
Regards,
F.
_______________________________________________
Godi-list mailing list
Godi-list@ocaml-programming.de
https://godirepo.camlcity.org/mailman/listinfo/godi-list
