[prev in list] [next in list] [prev in thread] [next in thread]
List: cgit
Subject: patch links do not have stable checksums
From: ilove zfs <ilovezfs () icloud ! com>
Date: 2016-12-04 8:45:04
Message-ID: 8ec92b94-13ec-45ec-b8f7-66d1165ccd8e () me ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I'm reporting this as a result of this issue \
https://github.com/Homebrew/homebrew-core/issues/5353 which was filed with Homebrew \
regarding cgit.
The cgit patch links do not have stable checksums because of the cgit version \
signature at the bottom of each patch.
For example, "cgit v1.1-3-g9641"
So whenever a cgit server upgrades its version of cgit the checksums of the contents \
of all patch links changes.
This compromises the usefulness of cgit patch links for anything other than casual, \
temporary use.
As a result of this behavior, Homebrew cannot use cgit patches in our patch blocks \
since each patch block has a url and a checksum, so every time the checksum changes \
due to the signature change, the patch block is invalidated, and someone must \
investigate why it changed and whether the content changed in any way other than the \
signature, and then update the checksum, and open a pull request, and go through CI, \
and have someone approve and merge the PR. This is a very wasteful use of the time of \
volunteers on an open source project.
To mitigate this situation, we end up having to vendor all cgit patches in our \
separate formula-patches repository, which would be entirely unnecessary if the \
checksums were stable. This is also a very wasteful use of time, but better than \
morphing checksums of content that's not actually changing.
It would be great if going forward the version signatures were removed from cgit \
patches so that there are persistent checksums for the patch files across cgit \
versions, and so that a change in the checksum actually means there was a real \
content change worth looking into.
Thanks!
[Attachment #5 (multipart/related)]
[Attachment #7 (text/html)]
<html><body><div>I'm reporting this as a result of this issue <a \
href="https://github.com/Homebrew/homebrew-core/issues/5353">https://github.com/Homebrew/homebrew-core/issues/5353</a> \
which was filed with Homebrew regarding cgit.<br data-mce-bogus="1"></div><div><br \
data-mce-bogus="1"></div><div>The cgit patch links do not have stable checksums \
because of the cgit version signature at the bottom of each patch.<br \
data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>For example, "cgit \
v1.1-3-g9641"<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>So \
whenever a cgit server upgrades its version of cgit the checksums of the contents of \
all patch links changes.<br data-mce-bogus="1"></div><div><br \
data-mce-bogus="1"></div><div>This compromises the usefulness of cgit patch links for \
anything other than casual, temporary use.<br data-mce-bogus="1"></div><div><br \
data-mce-bogus="1"></div><div>As a result of this behavior, Homebrew cannot use cgit \
patches in our patch blocks since each patch block has a url and a checksum, so every \
time the checksum changes due to the signature change, the patch block is \
invalidated, and someone must investigate why it changed and whether the content \
changed in any way other than the signature, and then update the checksum, and open a \
pull request, and go through CI, and have someone approve and merge the PR. This is a \
very wasteful use of the time of volunteers on an open source \
project.<br></div><div><br data-mce-bogus="1"></div><div>To mitigate this situation, \
we end up having to vendor all cgit patches in our separate formula-patches \
repository, which would be entirely unnecessary if the checksums were stable. This is \
also a very wasteful use of time, but better than morphing checksums of content \
that's not actually changing.<br></div><div><br data-mce-bogus="1"></div><div>It \
would be great if going forward the version signatures were removed from cgit patches \
so that there are persistent checksums for the patch files across cgit versions, and \
so that a change in the checksum actually means there was a real content change worth \
looking into.<br data-mce-bogus="1"></div><div><br \
data-mce-bogus="1"></div><div>Thanks!<br data-mce-bogus="1"></div></body></html>
_______________________________________________
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic