From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45470) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dF6lB-0002ak-Q8 for guix-patches@gnu.org; Sun, 28 May 2017 18:34:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dF6l8-0001f6-Mj for guix-patches@gnu.org; Sun, 28 May 2017 18:34:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:39566) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dF6l8-0001f2-Dj for guix-patches@gnu.org; Sun, 28 May 2017 18:34:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dF6l8-0005mk-1A for guix-patches@gnu.org; Sun, 28 May 2017 18:34:02 -0400 Subject: bug#27110: [PATCH] gnu: asciinema: Update to 1.4.0. Resent-Message-ID: Date: Sun, 28 May 2017 18:33:23 -0400 From: Leo Famulari Message-ID: <20170528223323.GA15181@jasmine> References: <1495934193.2882278.990671576.787F34D9@webmail.messagingengine.com> <1519f8c5.AEUAKk_HotIAAAAAAAAAAAPFk78AAAACwQwAAAAAAAW9WABZKwI9@mailjet.com> <20170528183753.GB15883@jasmine> <2dff1be8.ADsAAhu0Cj4AAAAAAAAAAAO8ccgAAAACwQwAAAAAAAW9WABZK0zP@mailjet.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua" Content-Disposition: inline In-Reply-To: <2dff1be8.ADsAAhu0Cj4AAAAAAAAAAAO8ccgAAAACwQwAAAAAAAW9WABZK0zP@mailjet.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Arun Isaac Cc: 27110@debbugs.gnu.org, Alex Griffin --SUOF0GtieIMvvwua Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 29, 2017 at 03:48:36AM +0530, Arun Isaac wrote: >=20 > >> Could you switch to upstream's github release tarball instead? > >> https://github.com/asciinema/asciinema/archive/v1.4.0.tar.gz > >> > >> LGTM, otherwise! > > > > Is there a reason to prefer one over the other? > > > > I ask because, typically, these unammed GitHub tarballs are not actual > > releases prepared by the maintainers, but just a snapshot of the Git > > repo, created automatically by GitHub for each tag. PyPi tends to > > contain the "real" release in cases like this. >=20 > I thought it is better to depend directly on the upstream source > (github, in this case) than on an intermediary (pypi) who has also > packaged the software. If we use pypi, Guix becomes some kind of second > order package repository that depends on pypi, the primary package > repository. WDYT? My understanding is that project maintainers upload their releases to PyPi, not that PyPi packages the release for them. Is that incorrect? The GitHub tarballs that are named like 'v$version.tar.gz' are not releases made by the upstream projects. Take flex as an example: https://github.com/westes/flex/releases/tag/v2.6.4 The file 'flex-2.6.4.tar.gz' is a release tarball prepared by the flex maintainer. The link to 'Source code (tar.gz)' leads to 'v2.6.4.tar.gz', which is a snapshot of the tagged commit, created automatically by GitHub. It's not prepared by the maintainer, and it can't be built in the normal way because it hasn't been bootstrapped. It may be missing things like special documentation, NEWS, etc. Also, there may be extraneous development files included in the snapshot. In general, I think we should avoid the GitHub snapshots unless there is nothing else to use. In this case, is there something wrong with the release uploaded to PyPi? --SUOF0GtieIMvvwua Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlkrUDMACgkQJkb6MLrK fwgHRg//RkmF+nxtUzMyDqM9WCdbs5ZCglxhfgeb0KBKqI4toD+Nocsa6Y1XUDpb RhhFBhE4hTFo4k0ZC+oV8FEU01NJG69lupeIhq8DC2Cap5rMmYuRO5UXkbnxFNPd 72vh3pF9DAWcLVoThumFBGhPWnrriYcxPwP6isKw/eIcSD4SE2i/WWlhl9heQfji J9FAZUpOgtpSvg5XBS1o34dwnzGek7BFYb9XmXFtY1sLfspTGOo71FnjLKLdVT36 v+L1Vo/1DeqoZCzZYhFucI1P8xPqp7Re/9asQFw1g6I0K1Mb+0LulsH3kF5ACGb2 4ZvxxidwGqAMu4wMYNz2+v/tefWV0RKrfxnMtTZ1A9yODHT5e3ZVCBH71wLTNpiv z7fd1ZzNeN/7YtFNmXszNY72+gYlhuMqBcUCZKWQirpnKG5roG2d5Y0pdgqqxeZP K9q6ZuG6Cc507es6HXoRF0mqo0at0bPfZtiAglVeHVcbaOB89nnWp7nhRbVUGpJI k3L8E45+38eCf22MM2rKLafyYD5B0WzFbgs7fGBeMSPDyMtkVE6jabqTOjHO4way 19Cp5MPopMl0dkuXTVeeWC3JOuocxUyzLqTRBS+zueIAqmrNJXzZzsruI+Q6O+Zr ieG9nl62ABoRXvolYZJhn3jMIxcRz+kKfis/nYtYYbwQcrRTaFY= =buhc -----END PGP SIGNATURE----- --SUOF0GtieIMvvwua--