Guido Günther wrote: > attached patch makes "pristine_tar commit tarball" store a sha256 hash > of the orig tarball in the form: > > sha256: <sha256> > > in a file called tarball.checksum in git. This makes it easy for third > party tools like git-buildpackage to verify that the tarball found is > the one we want.
I don't understand why this verification needs to be done. The only use case I can see from pristine-tar's perspective is that this would allow catching cases where a change in the compressor program makes it generate different output than the old version. But then, the checksum should be inside the pristine-tar delta file itself, so it's always available for pristine-tar to check. -- see shy jo
signature.asc
Description: Digital signature
