From: ludo@gnu.org (Ludovic Courtès)
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org
Subject: Re: Generated patches change over time
Date: Sun, 02 Dec 2018 01:24:04 +0100 [thread overview]
Message-ID: <87a7lord23.fsf@gnu.org> (raw)
In-Reply-To: <87in0hw0ag.fsf@netris.org> (Mark H. Weaver's message of "Wed, 28 Nov 2018 12:59:08 -0500")
Hello Mark,
Mark H Weaver <mhw@netris.org> skribis:
> ludo@gnu.org (Ludovic Courtès) writes:
[...]
>> Lesson learned: we should not rely at all on generated patches because
>> they are bound to change frequently (version string at the end, length
>> of commit hash prefixes, etc.) It’s probably worse than tarballs
>> generated by Git hosting services.
>
> I guess the length of the commit hashes probably won't change very
> often, so the version number is the most pressing issue here.
Overall though such patches may typically change several times a year.
> I wonder if it would be worth adding a special 'origin' type that
> removes the version number from the end of git patches.
As I replied to Maxim, this is not really possible.
>> So we should probably work towards using local copies of patches, unless
>> we find that the generated patches do not include any variable bits.
>
> It might still be best to work towards using local copies of patches,
> although in the case of IceCat the set of patches is often quite large.
>
> Another issue to consider is that the use of local copies of patches
> involves putting more trust in contributors, in practice, or at least it
> seems so to me. When someone adds a non-obvious patch from upstream as
> a local file, it leads me to want to check to make sure it hasn't been
> modified from the upstream version, whereas if the package recipe
> fetches a patch from a URL that is clearly from the upstream git
> repository, it's somewhat more transparent what's going on.
Yeah I agree with this. Another concern is unbounded growth of the Git
repo.
OTOH a patch that changes over time becomes non auditable: you’ll notice
it has changed, and maybe that’s because of a benign change like those
discussed above, but maybe it’s something else; if you can’t retrieve or
reproduce the original patch, you can’t tell what the difference is.
So I don’t have a good solution, but I think we should avoid upstream
patches when we know they are generated in a non-reproducible fashion.
Thanks,
Ludo’.
next prev parent reply other threads:[~2018-12-02 0:24 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20181124183051.23027.37347@vcs0.savannah.gnu.org>
[not found] ` <20181124183052.9A76B209A2@vcs0.savannah.gnu.org>
2018-11-25 16:24 ` 01/02: gnu: rhythmbox: Update hash of patch Ludovic Courtès
2018-11-25 21:31 ` Mark H Weaver
2018-11-28 11:04 ` Generated patches change over time Ludovic Courtès
2018-11-28 17:59 ` Mark H Weaver
2018-12-02 0:24 ` Ludovic Courtès [this message]
2018-11-29 14:48 ` Maxim Cournoyer
2018-12-01 21:37 ` Ludovic Courtès
2018-12-01 22:29 ` Mark H Weaver
2018-12-02 10:38 ` Ludovic Courtès
2018-12-02 19:36 ` Maxim Cournoyer
2018-12-02 20:33 ` Mark H Weaver
2018-12-31 2:12 ` Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a7lord23.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).