From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Kost Subject: Re: [PATCH 2/4] emacs: Add 'guix-devel-download-package-source'. Date: Wed, 07 Oct 2015 20:25:44 +0300 Message-ID: <87si5mbnfr.fsf@gmail.com> References: <1443791046-1015-1-git-send-email-alezost@gmail.com> <1443791046-1015-3-git-send-email-alezost@gmail.com> <87d1wvadw2.fsf@gnu.org> <87bnceah2e.fsf@gmail.com> <87r3la6077.fsf@gnu.org> <87eghalc7s.fsf@gmail.com> <87wpv1tils.fsf@gnu.org> <87a8rwf2vl.fsf@gmail.com> <87mvvu6f5y.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49119) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZjsTM-0002vb-D6 for guix-devel@gnu.org; Wed, 07 Oct 2015 13:25:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZjsTJ-0001ov-4H for guix-devel@gnu.org; Wed, 07 Oct 2015 13:25:48 -0400 In-Reply-To: <87mvvu6f5y.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Wed, 07 Oct 2015 14:23:21 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org Ludovic Court=C3=A8s (2015-10-07 15:23 +0300) wrote: > Alex Kost skribis: > [...] >> I don't see a problem here, since a fake sha256 may be any string,=20 > > Not really, since =E2=80=98base32=E2=80=99 is a macro that checks its arg= ument at > expansion time. So in practice one cannot C-M-x a package with a random > base32 string. Ah, indeed, it can't be any string, but it can be an empty string (perhaps it's a bug in =E2=80=98base32=E2=80=99?) >> for example "" (an empty string). Also I believe people begin to >> write a new package from some template, so you have a working skeleton >> of future package with all required fields from the very beginning. >> Then after filling an origin 'uri', you could "C-c . s" to download >> the source and get its hash. > > Hmm. I=E2=80=99m skeptical. :-) Sorry, I didn't get it. Skeptical that people start from a template? Or that one can download a source after filling an origin 'uri'? If the latter, I definitely did it. > What about, instead, providing an interactive function that would prompt > for a URL, run =E2=80=98guix download=E2=80=99 on that, and emit an =E2= =80=98origin=E2=80=99 template at > point with all the info? I see several problems here, but the main is: this sounds like it should be synchronous: you give an URL, wait until the source is downloaded and finally get the template at point. But downloading can take a VERY long time, so I don't think it will be a usable command. >> Oh, now I see what you mean. Well, I don't know, I think if a user has >> a habbit to check a signature, he will check it anyway; and if not, then >> not. Besides, at first a packager needs to find an URL of the source >> tarball, so he will meet a signature anyway, if it exists. So it's up >> to him if he checks it or not. > > (Him or her.) Yes, I just always say/write "he", "him", etc. > I think we really want to give packagers a strong incentive to check > signatures. Tools should make it easy to do that. OK, I understand. --=20 Alex