On 06/05/10 11:41, Loui Chang wrote:
On Thu 06 May 2010 10:51 +1000, Allan McRae wrote:
2) cd1378d makepkg: rework --skipinteg
This is very, very, VERY useful. I did not have makepkg-git on my
new computer earlier this week and the current makepkg behaviour
annoyed me A LOT.
This is particularly useful when testing out a patch that you need to
repeatedly modify. You only need to update your checksums once it is
working. I use this very frequently, but then again I do more
packaging than most.
I believe this is bad behaviour. makepkg should be used to package
software, not help you develop patches for it.
Not being condescending here, but you obviously do not do much
packaging. Packaging software requires patching software. e.g. gcc-4.x
header changes, libpng API changes, etc. It is a lot easier for me to
run "makepkg --skipinteg" to test the state of a patch to fix build
issues that it is to manually extract the tarball, apply the patch,
configure, make...
3) 5d911ae makepkg: allow skipping integrity checks when making
source package
And here is the fun one... "makepkg --source" currently requires
checking all checksums. Using "-source --skipinteg" does not skip
this, which in itself makes little sense to me. The argument that
this stops people distributing packages with bad checksums is flawed.
There is nothing stopping them doing that now. They just have to not
use makepkg when creating the tarball, which could lead to even worse
PKGBUILDs being distributed as none of makepkg's other checks would
be performed.
Just because someone can manually make a bad source package there's no
excuse to put bad behaviour into makepkg. The same applies to binary
packages.
Why is it bad behaviour? I think you are just assuming the user is
stupid and will use it unnecessarily. "pacman -Rd" and "pacman -Sf" are
stupid in most cases, but we do not remove them as they are also useful
in others cases. Similarly, I provided two usage cases where it is
perfectly reasonable behaviour to skip integrity checks.
Skipping integrity checks is not going to be the default behaviour and
does not even have a shorthand option. The user has to specifically
want to use it. Lets make the assumption that if someone goes out of
their way to type "--skipinteg", that they are doing it deliberately.
Perhaps in the future if package signing is implemented for
packages it would also be possible to have signed source packages.
Yes it would, but entirely off topic.
