martin f krafft wrote:
> also sprach Manoj Srivastava <> [2009.04.15.1702 +0200]:
>>         In my experience, while that used to be true, it has not been
>>  the case for some time now. 
> This topic came up on debian-devel:
> If I may sum it up in my own words and mix it with my own opinion,
> then distributions like Debian aren't really necessarily the target
> audience of the autotools output and it might make a lot more sense
> for us to build from VCS. This means that autotools would become
> part of the build process *and* that we rid ourselves of the "dogma"
> of distributing pristine tar sources.
> Even though those are nice in theory, I've always wondered who
> actually checks them for authenticity, and if so, then *why*. Do
> they check /every/ source package? Do they check that the binary
> packages actually stem from those sources? Why are they using
> Debian?
> Building directly from VCS seems a lot saner to me. There is no
> reason why autotools couldn't also be used to create tarballs by
> upstream for all the other consumers, but in the distro context,
> pristine tarballs seem a bit limiting and possibly a step backwards.
There are advantages to using tarballs.  Whether they outweigh the
convenience of building directly from VCS is certainly up for debate
(and has been debated many times on Fedora devel list, among other
places ;-)

One of the reasons I remember as actually having validity was that
tarballs have a large test base vs an SCM snapshot.  (Even if you build
from a tag, you have to depend on upstream having tagged the correct
version that actually got into the tarball).


Attachment: signature.asc
Description: OpenPGP digital signature

vcs-pkg-discuss mailing list

Reply via email to