From: Liliana Marie Prikler <liliana.prikler@gmail.com>
To: Taylan Kammer <taylan.kammer@gmail.com>,
Mark H Weaver <mhw@netris.org>,
guix-devel@gnu.org
Subject: Re: On raw strings in <origin> commit field
Date: Fri, 31 Dec 2021 11:55:07 +0100 [thread overview]
Message-ID: <696347efa3a0ac449f538ef8bf2f6e42a517c5e0.camel@gmail.com> (raw)
In-Reply-To: <97f31fd3-38bd-1744-bb03-6ae514ae78a9@gmail.com>
Hi,
Am Freitag, dem 31.12.2021 um 08:57 +0100 schrieb Taylan Kammer:
> On 31.12.2021 04:15, Liliana Marie Prikler wrote:
> > [...] Obviously,
> > when travelling back in time, we want Guix' "1.2.3" to be whatever
> > it was by that point, but on the other hand, we also want a
> > recently pulled Guix to have a reasonably recent "v1.2.3" if it
> > claims to have "1.2.3". [...]
>
> I think here lies the crux of the disagreement. As far as I
> understand, Guix doesn't intend to support the notion that one
> version string could represent two different actual versions of a
> program throughout time.
It does not [intend ...], but the failure mode is important here,
particularly also for outside observers. An outside observer seeing
that Guix uses commit deadbeef for "1.2.3" whereas upstream has
bedeadaf for the same might not know that upstream moved their commit
and given that committers can do much without oversight, they could
also sneak in a malicious deadbeef when upstream "1.2.3" was actually
d000000d all along. If Ricardo had pushed to staging or core-updates,
that commit could have gone unnoticed for far longer (and just to be
sure, I do trust Ricardo to pick the right commit and would likely not
even bother checking if I was used to that scheme).
Seeing `guix build' fail because upstream hopped tags is frustrating
from a reproducibility angle, but it makes it somewhat easier to assign
blame and move forward. Similarly, if we use git-version where we are
unsure if upstreams play nice, we never claim to package a canonical
"1.2.3", but a particular commit that advertises being "1.2.3" through
other means, such as configure files. It would be obvious, that Guix
always packaged that commit.
> Rather, I think, the reason Guix keeps both the tag and commit ref is
> simply that the tag could disappear from the repo. (In my
> experience, that's easy to do by accident when you clone a repo and
> push it to a new location. You have to fetch and push the tags
> explicitly.)
Changing locations are not an issue here as we don't have git mirrors.
> If a tag ever *was* changed to point to a different commit, meaning
> that the same version string now represents a different actual
> version, then I think Guix would give that version a new name, such
> as "1.2.3-new" or whatever. I don't know if this ever actually
> happened, but I think this is how Guix would probably want to deal
> with it if it does. Having one string represent two different actual
> versions is just really terrible and I don't see Guix ever supporting
> such a practice.
Currently, Guix "supports" this practice by going from tags to (git-
version base revision commit), i.e. doing what you'd expect it to do.
I think we did find a few badly behaving upstreams by virtue of using
tag and (hopefully) moved to git-version for all of those.
The alternative proposal would support this practice by not caring
about tags and let upstreams do as they please because they can't break
our tooling anyway, YOLO. In a sense, we are trying to find technical
solutions to social issues here.
> [tangent follows]
>
> (A software developer might argue that two different commits actually
> are the same version of the software, say for instance because only a
> minor change in the build system or README file or such was made,
> i.e. files that are considered "not part of the end-product," but in
> Guix land I think we wouldn't let that fare. Maybe an exception
> would be made if it was proven that the actual package produced by
> Guix from both commits will always be bit-identical. Even then,
> better not.)
If the documentation is included in the end product (which it hopefully
is), then yes, that hash would also change. If you change your gitlab
CI yaml, because you typo'd hard and then the CI failed to build a
release tarball, I think we as Guix can see that this is a one time
thing while you're still young and move to the new commit. If you do
it more often then yeah, no love from us.
> P.S. I hope I'm actually helping to add clarity to the thread instead
> of more confusion by adding my voice. I was just skimming the ML,
> found this thread interesting, and thought I might be able to add
> clarity, because it seemed a little confusing. :-)
At least imo your opinion helps, as it also helps me formulating my own
ideas clearly. If there's a particular thing you're confused about, do
not hesitate to ask :)
Cheers
next prev parent reply other threads:[~2021-12-31 10:55 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-28 20:55 On raw strings in <origin> commit field Liliana Marie Prikler
2021-12-29 8:39 ` zimoun
2021-12-29 20:25 ` Liliana Marie Prikler
2021-12-30 12:43 ` zimoun
2021-12-31 0:02 ` Liliana Marie Prikler
2021-12-31 1:23 ` zimoun
2021-12-31 3:27 ` Liliana Marie Prikler
2021-12-31 9:31 ` Ricardo Wurmus
2021-12-31 11:07 ` Liliana Marie Prikler
2021-12-31 12:31 ` Ricardo Wurmus
2021-12-31 13:18 ` Liliana Marie Prikler
2021-12-31 13:15 ` zimoun
2021-12-31 15:19 ` Liliana Marie Prikler
2021-12-31 17:21 ` zimoun
2021-12-31 20:52 ` Liliana Marie Prikler
2021-12-31 23:36 ` Mark H Weaver
2022-01-01 1:33 ` Liliana Marie Prikler
2022-01-01 5:00 ` Mark H Weaver
2022-01-01 10:33 ` Liliana Marie Prikler
2022-01-01 20:37 ` Mark H Weaver
2022-01-01 22:55 ` Liliana Marie Prikler
2022-01-02 22:57 ` Mark H Weaver
2022-01-03 21:25 ` Liliana Marie Prikler
2022-01-03 23:14 ` Mark H Weaver
2022-01-04 19:55 ` Liliana Marie Prikler
2022-01-04 23:42 ` Mark H Weaver
2022-01-05 9:28 ` Mark H Weaver
2022-01-05 20:43 ` Liliana Marie Prikler
2022-01-06 10:38 ` Mark H Weaver
2022-01-06 11:25 ` Liliana Marie Prikler
2022-01-02 19:30 ` zimoun
2022-01-02 21:35 ` Liliana Marie Prikler
2022-01-03 9:22 ` zimoun
2022-01-03 18:13 ` Liliana Marie Prikler
2022-01-03 19:07 ` zimoun
2022-01-03 20:19 ` Liliana Marie Prikler
2022-01-03 23:00 ` zimoun
2022-01-04 5:23 ` Liliana Marie Prikler
2022-01-04 8:51 ` zimoun
2022-01-04 13:15 ` zimoun
2022-01-04 19:45 ` Liliana Marie Prikler
2022-01-04 19:53 ` zimoun
2021-12-31 23:56 ` Mark H Weaver
2022-01-01 0:15 ` Liliana Marie Prikler
2021-12-30 1:13 ` Mark H Weaver
2021-12-30 12:56 ` zimoun
2021-12-31 3:15 ` Liliana Marie Prikler
2021-12-31 7:57 ` Taylan Kammer
2021-12-31 10:55 ` Liliana Marie Prikler [this message]
2022-01-01 1:41 ` Mark H Weaver
2022-01-01 11:12 ` Liliana Marie Prikler
2022-01-01 17:45 ` Timothy Sample
2022-01-01 19:52 ` Liliana Marie Prikler
2022-01-02 23:00 ` Timothy Sample
2022-01-03 15:46 ` Ludovic Courtès
2022-01-01 20:19 ` Mark H Weaver
2022-01-01 23:20 ` Liliana Marie Prikler
2022-01-02 12:25 ` Mark H Weaver
2022-01-02 14:09 ` Liliana Marie Prikler
2022-01-02 2:07 ` Bengt Richter
2021-12-31 17:56 ` Vagrant Cascadian
2022-01-03 15:51 ` Ludovic Courtès
2022-01-03 16:29 ` Vagrant Cascadian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=696347efa3a0ac449f538ef8bf2f6e42a517c5e0.camel@gmail.com \
--to=liliana.prikler@gmail.com \
--cc=guix-devel@gnu.org \
--cc=mhw@netris.org \
--cc=taylan.kammer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).