From mboxrd@z Thu Jan 1 00:00:00 1970 From: Lasse Collin Subject: bug#21784: Old XZ tarballs Date: Sat, 31 Oct 2015 20:29:08 +0200 Message-ID: <20151031202908.5548817d@tukaani.org> References: <87r3kd8lpb.fsf@gnu.org> <20151030194730.4a2639ae@tukaani.org> <87si4sb02k.fsf_-_@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:38813) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zsavj-0006eo-Rm for bug-guix@gnu.org; Sat, 31 Oct 2015 14:31:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zsave-00052c-Qq for bug-guix@gnu.org; Sat, 31 Oct 2015 14:31:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:56610) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zsave-00052Y-NX for bug-guix@gnu.org; Sat, 31 Oct 2015 14:31:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Zsave-0003o6-Jr for bug-guix@gnu.org; Sat, 31 Oct 2015 14:31:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87si4sb02k.fsf_-_@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 21784@debbugs.gnu.org On 2015-10-30 Ludovic Court=C3=A8s wrote: > Lasse Collin skribis: > > For some reason the old XZ Utils versions are more popular downloads > > than the latest versions (5.0.8 and 5.2.2). Perhaps I should move > > the downloads somewhere else to avoid bandwidth quota issues, >=20 > Some people move old tarballs to an old/ sub-directory, to make sure > people do not mistakenly take an old version. I don=E2=80=99t know if th= at > would help here? I don't like to break links intentionally. I know I did exactly that a few days ago, but it cannot be the long-term solution. The links to old versions are on a separate page already, so those using a web browser are unlikely to get an old version by accident. > > but on the other hand I feel that it's not nice if source-based > > distributions rely on upstream servers instead of providing their > > own distro-specific mirrors. If you think this isn't a reasonable > > wish, feel free to say so. >=20 > Guix does automatically mirror tarballs via its =E2=80=9Csubstitute=E2=80= =9D > mechanism. However, users can turn it off, in which case they end up > downloading the tarball from the upstream URL specified in the > package recipe. OK. :-) Why would users turn it off though? I would guess that one good mirror would be more reliable than dozens of upstream sites of which just one needs to be down to be a problem for a user. A package manager should know the hash or signature of the file, so from security point of view it doesn't matter where the file comes. Note that I have nothing against including the upstream URL in the build scripts. I just wish that it doesn't cause a *large* number of users downloading the file from the upstream instead of distro's mirror. To be fair, xz-5.0.4.tar.gz hasn't been a popular download (xz-5.0.4.tar.bz2 is somewhat popular though), so I believe Guix users haven't caused a significant amount of traffic for me. :-) > > By the way, is there a reason why you use 5.0.4 instead of 5.0.8 (or > > even 5.2.2)? >=20 > No good reason! We=E2=80=99ll upgrade it as soon as this can be done wit= hout > triggering too much rebuild/redownloads for users. API/ABI is backward compatible so one shouldn't need to rebuild other packages. There's a mailing list "xz-announce" in case you want a notification when a new version is released: --=20 Lasse Collin | IRC: Larhzu @ IRCnet & Freenode