[arch-dev-public] todo list for moving http -> https sources

Johannes Löthberg johannes at kyriasis.com
Tue Nov 1 15:39:47 UTC 2016

On 01/11, Sébastien Luttringer wrote:
>On Sun, 2016-10-30 at 22:47 -0400, Dave Reisner wrote:
>> On Mon, Oct 31, 2016 at 03:23:48AM +0100, Sébastien Luttringer wrote:
>> > On Sun, 2016-10-30 at 20:55 -0400, Dave Reisner wrote:
>> > As I use a transparent http cache at home (2Mb/s bandwidth), so far I only
>> > added the signature, and not the https as it breaks the cache.
>> This doesn't seem to hold much weight. You're duplicating the source
>> tarball now, as it exists (on disk?) in your http cache and in makepkg's
>> SRCDEST. I'm not sure I see the benefit to doing this, particularly
>> since the caching in SRCDEST is entirely agnostic to the protocol used
>> to fetch it.
>Over time, I found a problem using $SRCDEST; it doesn't check if upstream
>sources have been modified since. I've been tricked a few times, releasing
>packages with my local tarballs and not the ones available to others.
>Maybe it's something which can be improved directly in makepkg.

Mmm, it probably should check if it's been modified, and if so, complain 

  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
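
The check suggested in the reply above, sketched as an added shell example (not makepkg code and not part of the original thread): it compares the tarballs cached in a SRCDEST directory against freshly downloaded copies and complains when they differ. The function names and the sample files are hypothetical, and the fresh copies are assumed to have been fetched into a separate, initially empty directory.

```shell
#!/bin/sh
# check_srcdest_drift CACHE_DIR FRESH_DIR   (hypothetical helper name)
# CACHE_DIR: the packager's long-lived SRCDEST.
# FRESH_DIR: the same sources downloaded again into an empty directory.
# Prints one MODIFIED line per file whose cached copy no longer matches
# what upstream serves; returns 1 if any file drifted, 0 otherwise.
check_srcdest_drift() {
    cache_dir=$1
    fresh_dir=$2
    drift=0
    for fresh in "$fresh_dir"/*; do
        [ -f "$fresh" ] || continue          # skip VCS checkouts and empty globs
        name=$(basename "$fresh")
        cached="$cache_dir/$name"
        [ -f "$cached" ] || continue         # not cached: it would be downloaded anyway
        fresh_sum=$(sha256sum < "$fresh" | cut -d' ' -f1)
        cached_sum=$(sha256sum < "$cached" | cut -d' ' -f1)
        if [ "$fresh_sum" != "$cached_sum" ]; then
            printf 'MODIFIED %s cached=%s upstream=%s\n' \
                "$name" "$cached_sum" "$fresh_sum"
            drift=1
        fi
    done
    return "$drift"
}

# Constructed sample: foo was re-rolled upstream after it was cached,
# bar is unchanged. File names and contents are made up for the demo.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/cache" "$tmp/fresh"
    printf 'release 1.0\n'             > "$tmp/cache/foo-1.0.tar.gz"
    printf 'release 1.0 (re-rolled)\n' > "$tmp/fresh/foo-1.0.tar.gz"
    printf 'unchanged\n'               > "$tmp/cache/bar-2.0.tar.gz"
    printf 'unchanged\n'               > "$tmp/fresh/bar-2.0.tar.gz"
    status=0
    check_srcdest_drift "$tmp/cache" "$tmp/fresh" || status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "cached sources differ from upstream; stop before releasing"
```

A mismatch only says the two copies differ; which one is the intended release still has to be settled against the upstream signature or announcement.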