On Tuesday 18 of February 2020, Eike Rathke wrote:
Hi,
On Monday, 2020-02-17 19:06:23 +0100, Luboš Luňák wrote:
And is there any worthwhile gain in insisting on using upstream
tarballs?
Reliable checksums and reproducible packaging.
A responsible developer introducing a new tarball on the download server
a) checks it against the official checksum after download
b) creates the SHA256SUM of the file to use in download.lst
Any repacking invalidates that, specifically on a developer's machine
could introduce omissions or additions.
That is the theory, but the reality is that we already do have some tarballs
that do not have any matching upstream tarballs (e.g. because do not exist),
so I think that point is moot.
--
Luboš Luňák
l.lunak@collabora.com
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.