From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id yCsKArF5zmHy+wAAgWs5BA (envelope-from ) for ; Fri, 31 Dec 2021 04:32:01 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id SKENO7B5zmHWOQAA9RJhRA (envelope-from ) for ; Fri, 31 Dec 2021 04:32:00 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 787F5DED3 for ; Fri, 31 Dec 2021 04:32:00 +0100 (CET) Received: from localhost ([::1]:42364 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n38e7-0003xa-H6 for larch@yhetil.org; Thu, 30 Dec 2021 22:31:59 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39318) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n38Zb-0006Cs-Te for guix-devel@gnu.org; Thu, 30 Dec 2021 22:27:19 -0500 Received: from [2a00:1450:4864:20::442] (port=39610 helo=mail-wr1-x442.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n38ZZ-0002gV-Vz for guix-devel@gnu.org; Thu, 30 Dec 2021 22:27:19 -0500 Received: by mail-wr1-x442.google.com with SMTP id s1so53838584wra.6 for ; Thu, 30 Dec 2021 19:27:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:subject:from:to:date:in-reply-to:references:user-agent :mime-version:content-transfer-encoding; bh=fXMrl2qE3bluxUDPAN4H7QJFtIZ0/qIHLC9GPFshu4c=; b=YOtzR5wZiqvZfIxHp2BLr2XauVPGvsRtE68Gs1+KRxcom8JmJ2EU4XWhvzF6ojVr5S g2t09nw+NzrpNucMofWHdAHeVbmkTZdGGIgDKrFdl+nyavp3yhRsp7Us45y5i+3Tiv77 346MPD7DddAbt1c7188AdmhCRr9NbP+lJIsuQGsQMam+ohK1/WyEByp54HPL2FRYMYcJ MyKLuwzrJCRtWrDXi+MG7ampwvLHyHkx/Xvgy/ezENZsIr/A1PBsObO6iocqQ7t7LIvV bapvO696XHzWEIcgifYVI/IEoIhW2FMyiwzvtUo0lJTSAPJrNjUVYJb36wA+xeeB++ma L6Xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=fXMrl2qE3bluxUDPAN4H7QJFtIZ0/qIHLC9GPFshu4c=; b=HlkZEMLecBizEbIAfoecdQTLDA3vvcDH5O5KPh8wLCgzjVI8zF5eZt/avd9sf7yBrh r88CLqUvxq0DncoOqYlDnKoRxmCCsoqMGvIIWWk1sHyFaw1UW97G14jKcY3APdj0TvLg KRMecOt2kIuT7cul8HDZuoWGX6xR6GU3ObnzxAb9otvvRZV3xwTkbqp/PjdFFcYAtB4h Tp/HqyMW7qpq3du7PEQCGQ/vrDcaB2xLrBnf+CDlg+9iE8CYHZ/clcSjY/HZPmwJ+pvV VWyaP0Sl5HQX29YJsih7IIqnjMC0XPkSQGOqouPY+b9kKfBN5ll6AooZpWPf7nOvZo/M mW6g== X-Gm-Message-State: AOAM53081li257bwXEZD6h7amt/kekBdu5mGJO61iPXuyjhAsYWY7zXv DcTFmaMSVENIM4CAeIoEWyo= X-Google-Smtp-Source: ABdhPJxLQ+R+rr4o1xqW6WsYyM0BKel6IrqKwckz2PWOazGT9QR9nE2J0wT4xuyZO+Jj2SRAXyPoKg== X-Received: by 2002:a5d:4486:: with SMTP id j6mr26497975wrq.160.1640921236180; Thu, 30 Dec 2021 19:27:16 -0800 (PST) Received: from nijino.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id l26sm24289875wme.36.2021.12.30.19.27.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Dec 2021 19:27:15 -0800 (PST) Message-ID: <9a5e3e7f44155146d731dd5a97450a9ff9dff5ab.camel@gmail.com> Subject: Re: On raw strings in commit field From: Liliana Marie Prikler To: zimoun , guix-devel@gnu.org Date: Fri, 31 Dec 2021 04:27:14 +0100 In-Reply-To: <86k0flpnx5.fsf@gmail.com> References: <6e451a878b749d4afb6eede9b476e5faabb0d609.camel@gmail.com> <86y243kdoo.fsf@gmail.com> <899587fb6a76ddfa37d197d3d0fd23cdc7ad8592.camel@gmail.com> <867dbmi7pf.fsf@gmail.com> <3d448fe42f0c43574db96fa26aecd7da5fd5a95d.camel@gmail.com> <86k0flpnx5.fsf@gmail.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::442 (failed) Received-SPF: pass client-ip=2a00:1450:4864:20::442; envelope-from=liliana.prikler@gmail.com; helo=mail-wr1-x442.google.com X-Spam_score_int: 6 X-Spam_score: 0.6 X-Spam_bar: / X-Spam_report: (0.6 / 5.0 requ) DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1640921520; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=fXMrl2qE3bluxUDPAN4H7QJFtIZ0/qIHLC9GPFshu4c=; b=MnkoOF1Wk/rJt2sNWKsBpOtCu2xOTUisH0bqeIbVi6tBFEdPfIxUuFum3cW55VA52Wr9Zk rzXuOKldjewVbuGm/S9U1Uxsuy86mTzTHYICvMoiEgNau86doL2dmAtV0XwfQRCUL+9vi8 AwuP5HwfJ9YSfpG0COgWpI3PZezDT/mXt5/K7CeVnT/fv+ni8bKMjq7IyYXI2+dxYLhpyX qhfwJWNSMMgxDjqxMyz13SjZSl3rOguojhmYHCNw7evViJCGqp515+pli6LKFNgjG8XmVG wpX6Kv3wuZAGlNNy++JYl4ZbPgVxMQKFCEukQrA7qCiwFPlGoagA64V1MB6IxA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1640921520; a=rsa-sha256; cv=none; b=ZguiU5hr5OA7wB8E/yC3j8VA46hS/qYkCX8mhe+CC/G8lyk2mLEv5lKC5HNNZMflGDu/Dm MPbRW//Um35ss3dEJi9nxYfptbpZ4bjzJGEdmqm0M83AzheZhUy8vfbFMtEwO2h20VdXI5 YvhkiIO0U25f6RJAu+iZ5D1hB5u3lhTrIRBB83SIRctfxp+GqWYCB2yXNgDaJDad7nK+xw MvTUWFZ0ByaRf74Goqr40ovYscCe6wPnHJvZiZMq/83gWL6kWTbFGSaJoiW9cFIgKoVTPg jXSZ7z6xZPlxsYjAcOoV/3/aWEOMQC0TceUncpNer3DTMQHxvtQaTXLLgRjIpQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=YOtzR5wZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.28 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=YOtzR5wZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 787F5DED3 X-Spam-Score: -4.28 X-Migadu-Scanner: scn1.migadu.com X-TUID: prG0n7C1qlyD Hi, Am Freitag, dem 31.12.2021 um 02:23 +0100 schrieb zimoun: > Hi Liliana, > > I have read all your emails a couple of times and I am sorry I am > still missing what you are raising.  Because I feel we are failing to > explain each other, that’s fine, it happens sometimes :-) I hope > others will find the intersection of this discussion. > > Honestly I am lost in the middle of somewhere between affine space > and Cantor’s diagonal argument. ;-) To shorten it, we currently have the following problem: We can specify the commit field by tag, which is not robust, by raw commit which is confusing and can be misleading, or by let-bound commit with a special version field, which is still confusing if we're at an epsilon revision (epsilon meaning nothing changed since release and we're not expecting change), but beats the first option in robustness and the second in readability at the cost of having a funky version field. I am arguing that we should go with either option one or three, but never two. > I agree with this statement: > >     >> SWH records the “history of the history”.  It can tell you > what the >     >> tag pointed to at the time of a specific snapshot. >     This just reiterates my point of Guix not trying hard enough with >     fallbacks. > > and in my views, the path to robustify the fallback is via more > immutable content-address and intrinsic values and less mutable > broken string as URL+tag.  Obviously, 1) all is not white or black > and many things are grey as always and 2) we have to deal with this > broken world of URL+tag, thus I hope we will improve the fallback SWH > through various snapshots instead of considering only the last one. > > However consider that SWH is an archive, not a forge or a mirror.  It > means that SWH ingests this or that only every X months.  Therefore, > you have no guarantee that the snapshots represents the complete > history of history. > > For sure, upstream can remove some commits between two ingestions.  > But, most of the time, commits (history) are kept and the bad > practise is to just move the pointer (tag) from one commit to > another. To be fair, you raise a good point with SWH not being infallible, so we might want to have fallbacks that work regardless of it. That being said, we don't support git-mirrors yet either, do we? > > I'mma quote Ludo for a change. > > And for completeness, let quote Ludo again from the same thread. :-) > >         No, I think we should consider always referring to commits >         instead of tags.  It’s annoying from a readability viewpoint, >         but it would ensure reproducibility.  Even flatpak has this >         policy.  :-) > >           https://github.com/flathub/flathub/wiki/App-Requirements ... Fine, I'mma quote flathub for a change. > When building from a git tag, both the tag name and the commit id > should be specified, like so: > > "tag": "1.0.4", > "commit": "cdfb19b90587bc0c44404fae30c139f9ec1cca5c" It's almost as though they know a commit without a tag has no intrinsic meaning. Also, I'm pretty sure flatpak could care less about hashes if asked to (unlike Guix, which requires you provide one to be granted network access), so the optional by means other than policy SHA-1 hash here is not comparable to the required SHA-256 hash we always have. Also, even if we do decide to sacrifice readability for the greater reproducibility, I think this approach is especially hostile to the future reader in the very case it is concerned about. For all they know, this particular Guix package of version "1.0.4" could have had cosmetic changes applied, which were not at all cosmetic, but rather a downgrade to 0.1.4. Cheers