Re: [eigen] Providing non-tag downloads over BitBucket


2012/1/1 Raphael Kubo da Costa <rakuco@xxxxxxxxxxx>:
> Hi there,
> I package eigen on FreeBSD, and it has been reported that the current
> SHA256 sum of the 2.0.16 tarball provided by our port does not match the
> one from the actual download from BitBucket. Since we check the
> checksums before publishing an update, this means the tarball has
> changed since it was first published.
> Comparing FreeBSD's own copy of the 2.0.16 tarball [1]

How was it generated?

> with the one
> currently being provided by BitBucket [2], it looks like only the
> tarball name (and the directory inside it) have changed from
> eigen-eigen-2.0.16 to eigen-eigen-<hash of the commit which the tag
> points to>. diff shows no difference in the actual contents.

Of course that's the case: tagging a changeset only modifies the
special hgtags file.

How is that a problem?

> As a packager, I would appreciate if Eigen started providing
> "real" download tarballs in the Downloads section in BitBucket (like
> other projects do) to prevent this kind of issue -- I guess tarballs
> which are not created automatically do not risk being changed by
> BitBucket.

That would incur more manual work when doing releases and would
increase our reliance on bitbucket, so we would need a good reason to
do that.


> [1]
> and other mirrors
> [2]
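
Added example, not part of the original message or of the Eigen project: a Python check for the situation described in this thread, where two tarballs have different SHA256 sums but differ only in the name of their top-level directory. The sample archives, file contents and the placeholder hash in the second directory name are constructed, and the code assumes each archive has exactly one top-level directory.

```python
import hashlib
import io
import tarfile


def content_digest(tar_bytes):
    """SHA-256 over the archive's members, ignoring the top-level directory name."""
    entries, roots = [], set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            root, _, rel = member.name.strip("/").partition("/")
            roots.add(root)
            if not rel:
                if not member.isdir():
                    raise ValueError("file outside the top-level directory: " + root)
                continue  # the top-level directory entry itself
            if member.isfile():
                body = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            elif member.issym() or member.islnk():
                body = "link:" + member.linkname
            else:
                body = "type:" + member.type.decode()
            entries.append((rel, body))
    if len(roots) != 1:
        raise ValueError("expected one top-level directory, got %r" % sorted(roots))
    digest = hashlib.sha256()
    for rel, body in sorted(entries):
        digest.update(("%s\0%s\n" % (rel, body)).encode())
    return digest.hexdigest()


def make_tarball(topdir, files):
    """Build a constructed .tar.gz in memory from {relative path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for rel, data in files.items():
            info = tarfile.TarInfo("%s/%s" % (topdir, rel))
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data; the second directory name uses a placeholder hash.
FILES = {"Eigen/Core": b"// header\n", "CMakeLists.txt": b"project(Eigen)\n"}
OLD = make_tarball("eigen-eigen-2.0.16", FILES)
NEW = make_tarball("eigen-eigen-0123456789ab", FILES)

if __name__ == "__main__":
    print("raw equal:", OLD == NEW, "| contents equal:", content_digest(OLD) == content_digest(NEW))
```

A matching content digest only shows that the two archives carry the same files; it does not replace pinning the checksum of the exact file a port downloads.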
