On Thu, Nov 15, 2018 at 06:51:31PM -0500, Daniel M. Capella via aur-general wrote: > Quoting Eli Schwartz via aur-general (2018-11-15 00:52:50) > > On 11/14/18 11:50 PM, Daniel M. Capella via aur-general wrote: > > > Quoting Levente Polyak via aur-general (2018-11-14 17:00:38) > > >> - tests are awesome <3 run them whenever possible! more is better! > > >> pulling sources from github is favorable when you get free tests > > >> and sometimes manpages/docs > > > > > > Will work with the upstreams to distribute these. I prefer to use > > > published > > > offerings as they are what the authors intend to be used. GitHub > > > autogenerated > > > tarballs are also subject to change: > > > https://marc.info/?l=openbsd-ports&m=151973450514279&w=2 > > > > I've seen the occasional *claim* that this happens, but I've yet to see > > any actual case where this happens and it isn't because of upstream > > force-pushing a tag. > > > > GitHub is supposed to use git-archive(1) for this, which is guaranteed > > to be reproducible when generating .tar, although in theory > > post-filtering this through a compressor like gzip can result in changes > > from one version of git to another. I say in theory because I don't > > recall this ever happening, and git-archive uses the fairly boring defaults. > > > > I don't see any reason to use substandard sources in order to avoid > > checksum problems I don't believe in. > > "substandard" 🤔 > https://wiki.archlinux.org/index.php/Python_package_guidelines#Source
Those guidelines are mainly in the context of the python ecosystem. There are no prefferences, only options. If tests, manpages or sources are missing from the pypi mirrors because of mismanagement from upstream, then they are indeed substandard. -- Morten Linderud PGP: 9C02FF419FECBE16
signature.asc
Description: PGP signature
