On Wed, Sep 02, 2020 at 02:25:10PM +0200, Diego Rondini wrote: > Hi, > > On Wed, Aug 26, 2020 at 9:16 AM Diego Rondini > <diego.rond...@kynetics.com> wrote: > > > > Hi Khem, > > > > On Tue, Aug 25, 2020 at 8:40 PM Khem Raj <raj.k...@gmail.com> wrote: > > > > > > On Tue, Aug 25, 2020 at 10:59 AM Martin Jansa <martin.ja...@gmail.com> > > > wrote: > > > > > > > > OK, I've overlooked that it's from gitlab, but are you sure that gitlab > > > > archives aren't re-generated from time to time like the github archives > > > > are? > > > > > > > > Or are you sure that https://gitlab.com/libeigen/eigen/-/releases are > > > > developer uploaded archives? It looks like gitlab creates them > > > > automatically: > > > > https://docs.gitlab.com/ee/user/project/releases/ > > > > like github does with tag archives. > > > > > > > > > > while it fixes the issue it is trying to fix, it would be better to > > > fix the non-deterministic archive issue as well while here, I dont > > > know if gitlab's archiving is reproducible perhaps a question for > > > gitlab, but it would be ok to switch to using git fetcher to avoid > > > that suspicion. What do you think? > > > > I've posted the question, so we get an answer for all the other gitlab > > projects that are out there: > > https://forum.gitlab.com/t/gitlab-release-tarball-stability/41888 > > > > Let's see what the answer is. > > So we have an initial answer: > https://forum.gitlab.com/t/gitlab-release-tarball-stability/41888/3?u=diegorondini > > The summary is: tarballs can be regenerated, but they are regenerated > identical by git archive according to the manual. > The use of git archive in the source code is not guaranteed in the > future as at the moment there is no immutability test in the gitaly > service. > > Martin, Khem, what do you suggest to do?
I would you git fetcher to be safe, like we already do for github archives. Extending the QA check to cover gitlab would be for bonus points :). Thanks > > Regards, > Diego Rondini > Sr. Embedded Engineer > > Kynetics > www.kynetics.com
signature.asc
Description: PGP signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#86803): https://lists.openembedded.org/g/openembedded-devel/message/86803 Mute This Topic: https://lists.openembedded.org/mt/76409333/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
