Uwe Stöhr wrote: > Am 02.04.2014 09:26, schrieb Vincent van Ravesteijn: > >> This is the third time we have to tell you to not create and release an >> installer for RC1 if it is not exactly what I released as RC1. > > What is going on nowadays?
This is going on: You keep ignoring all attempts to explain to you why a binary release must be be labelled in such a way that interested parties can see which source code was used to build it. You assume that "we" want to stop you from producing updated installers. This is wrong. As you say there are very good reasons for producing an updated installer. The only requirement "we" have is that these updated installers need to be named different than RC1 if they were not produced from the RC1 tarball. Others have explained the reasons why this is a bad practice better than I could do, so I'll only add an example of packagers who do it correctly: Most linux distributions apply small patches to their LyX packages for various reasons, but they always do it in such a way that it is reproducible. On https://packages.debian.org/sid/lyx you see the page of the 'lyx' package in debian. It contains a link to the archive of the unmodified source which was used (currently http://ftp.debian.org/debian/pool/main/l/lyx/lyx_2.0.6.orig.tar.xz), and a link to an archive with the applied changes (currently http://ftp.debian.org/debian/pool/main/l/lyx/lyx_2.0.6-1.debian.tar.gz). The latter also uses the suffix which is applied to the original version number and used for the resulting binary package. In this case it is simply "-1", but sometimes it is something more complicated. With this information everybody can study the source of the binary package, which is not possible for the updated installers you provided after the RC1 release. If you do not use a simple version suffix, but a git hash as Jürgen suggested, you would not even need to provide a patch file, since everybody could just fetch the particular git revision. This would be _zero_ extra work for you, and everyboy would be happy. Georg
