"Johnny C. Lam" <jlam%NetBSD.org@localhost> writes: > On Mon, Aug 07, 2017 at 08:15:06PM +0000, John Klos wrote: >> It seems that some pkgsrc packages use github for some distfiles (via >> codeload.github.com). >> >> It appears that github generates these on the fly and has decided to change >> their method, seemingly arbitrarily, which makes checksums fail. >> >> In the case of wip/bitcoin, the untargzipped files match the original >> repository on which the checksums were calculated, according to mtree, but >> the size of the file is now off by four bytes. The files from the actual >> Bitcoin project haven't been touched since November. >> >> Should it be decided, whether by concensus or a decision by pkgsrc-pmc, that >> NetBSD should avoid services such as github which do this kind of dynamic >> packaging? > > If the package maintainer that creates a package that uses a GitHub > as a distribution site also uploads a copy of the tarball to > ftp.netbsd.org, will that be sufficient? That doesn't resolve the confusion about different versions; it just moves itaround.
Attachment:
signature.asc
Description: PGP signature