On 5 March 2018 at 11:39, Ryan Schmidt wrote:
> On Mar 5, 2018, at 04:34, db wrote:
>>
>> I know, but I don't see how HEAD is pragmatically that much different from 
>> the devel ports that use a hash+date instead.
>
> "HEAD" is not a specific version. It will vary as developers make new 
> commits. A user installing a port that fetches from "HEAD" will receive 
> different software depending on when they install it, without the version of 
> the port reflecting that. We don't want that; we want reproducible builds.
>
> hash+date is specific, predictable, repeatable. The portfile developer tests 
> a specific hash+date, and when satisfied, commits it to make it available to 
> MacPorts users. And when they do, users are notified that an update is 
> available via "port outdated". That all doesn't happen if you set a port to 
> download from "HEAD".

If we really wanted to, we could certainly:

(1.a) use livecheck-like behaviour to check whether a new commit is
available, so the user would then run something in the spirit of
    port outdated --checkheads
to also check online

(1.b) run such checks at the time of portindex generation (no doubt
portindex would become super slow)

(2) record the git checksum / svn revision at the time of installation

(3) write a big fat warning whenever a port gets installed from HEAD;
repeat the same warning in each log file whenever any dependency would
come from HEAD, so that it immediately becomes clear the user could
have something messed up when filing a ticket

(4) make sure not to install and dependent port from binary archive

(5) provide a command to rebuild all ports that depend on a certain
(or any) port from HEAD; this might be needed after updates

(6) provide a way to back out (that would be much easier to do than
getting rid of +universal ports for example)

(7) write a policy of what we are supposed to do when users submit
reports that the HEAD variant should be fixed - to what extent
developers are supposed to be following


I admit that I do find added value in being able to install certain
ports from HEAD as long as the user using that feature knows exactly
what he/she is doing. I also understand the zillion potential problems
associated with letting users do that. So in this case I'm on neither
side.

Mojca

Reply via email to