On Tue, Jun 02, 2015 at 02:59:00PM +0200, Christoph Lohmann wrote:
> I could push out less releases and tag nearly every new feature that’s
> sspacele, if you like. But here’s my view that struggles me. I am using
> releases to reconsider what’s done in the project and what could be done
> next. Just tagging it would be a soft hint for you what’s changed. This
> would be solved by having a simplistic Changelog file in the project, which
> I would accept.
>
> But you being a packager, here’s my least important question: Do you need
> the checksum of the tarball? If not, then the link to the cdropbox interface
> would be enough for download. This saves much time in the release gener‐
> ation.
Due to how we do things in Arch, I don't need a checksum provided by the
upstream, no. I download it once, record the checksum in the PKGBUILD, build
the package and test it.
The checksum is needed less for the benefit of knowing that you are building
the same thing as the packager did, not for any actual verification of the
source. That would require a proper signature.
Received on Tue Jun 02 2015 - 15:30:25 CEST