[OpenWrt-Devel] openwrt/packages: [RFC] Regarding preferences re: switch to codeload
Jo-Philipp Wich
jo at mein.io
Mon Aug 13 05:45:14 EDT 2018
Hi,
personally I'm opposed to the entire code load thing.
First of all I was unable to reproduce the tarballs offered by Github.
Github seems to use an extended tar (pax) format while we pack our SCM
clones using the more traditional ustar format, however even using `tar
-cp -H pax --numeric-owner --owner=0 --group=0 --sort=name --mtime ...`
seems to yield a different tar stream compared to whatever is offered by
Github;
- The order of the entries in the archive also seems to deviate from
that of `tar --sort=name`, it looks as if Github archives are sorted
using the "C" collate while GNU tar uses something else.
- The PAX header format seems to be different, Github uses a global PAX
header while GNU tar produces per-member headers
- There seem to be proprietary tags inside Github tar (comment=<sha1>)
which are not present in the GNU equivalent
Furthermore I dislike the idea of tailoring download mechanisms around a
specific proprietary service.
If the allegations about hash changes for unknown reasons are correct,
then this raises a huge red flag for me and I see no reason to not
assume that codeload tarballs will eventually change as well, become
rate limited, redirected, discontinued or changed in other arbitrary ways.
So TLDR; I prefer a locally reproducible, cached tarball of a given SCM
clone over an opaque Github offer.
My 2cents,
Jo
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list