[Buildroot] [PATCH 1/1] documentation: hash source control archives

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] documentation: hash source control archives
Date: Mon, 28 Nov 2016 21:43:17 +0100	[thread overview]
Message-ID: <20161128214317.5cbbc846@free-electrons.com> (raw)
In-Reply-To: <1480344142-6382-1-git-send-email-ash.charles@savoirfairelinux.com>

Hello,

On Mon, 28 Nov 2016 09:42:22 -0500, Ash Charles wrote:

> -The +none+ hash type is reserved to those archives downloaded from a
> -repository, like a 'git clone', a 'subversion checkout'...
> +For archives downloaded from a repository e.g. from a 'git clone', a 'subversion checkout', using a locally-calculated sha256 hash is recommended although the +none+ type has also been used.

The line needs to be wrapped to 72 characters.

Also, I am not sure that the archives we produce from all version
control systems are reproducible. I'm sure it's the case for Git, but
I'm not sure for Subversion, so it might be that your statement is
actually wrong.

In addition, I think the last part "although the +none+ type has also
been used" is a bit confusing.

I think we should rather:

 1. Look again closely at which version control systems currently
    produce reproducible archives in Buildroot.

 2. Make Buildroot actually check the hashes for the downloads made
    through those version control systems.

 3. Update the documentation accordingly, with a clear statement of
    which packages should have hashes, which packages should not.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

next prev parent reply	other threads:[~2016-11-28 20:43 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-28 14:42 [Buildroot] [PATCH 1/1] documentation: hash source control archives Ash Charles
2016-11-28 20:43 ` Thomas Petazzoni [this message]
2016-11-28 21:40   ` Ash Charles

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161128214317.5cbbc846@free-electrons.com \
    --to=thomas.petazzoni@free-electrons.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox