Date: Thu, 24 Sep 2020 13:07:36 +0000 From: bugzilla-noreply@freebsd.org To: x11@FreeBSD.org Subject: [Bug 249554] x11/libwacom: update to 1.5 Message-ID: <bug-249554-7141-cmZ1FK6UDF@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-249554-7141@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249554 --- Comment #4 from Jan Beich <jbeich@FreeBSD.org> --- Porter's Handbook 5.4.3 wording is fine "as is". It recommends looking at upstream-prepared upload first instead of always relying on automatically generated (via USE_GITHUB). The devil is in the details. For example, upstream python-based projects often exclude tests and sometimes even license file from uploads to PyPI. So which is better depends on a particular port and maintainer's preferences. After ports r527163 there's no "better" and I'm not the maintainer here. If you like bug 249503 why not commit it *separately* from this bug. (In reply to Emmanuel Vadot from comment #3) > What's the problem of using PATCHSITES/PATCH_FILES without USE_GITHUB ? Hardcoding value for GH_ACCOUNT in PATCHSITES i.e., slightly harder to copy-paste from port to port. Bug 249503 actually hardcoded more than necessary: libwacom instead of ${PORTNAME}. > I don't understand the comment on trust on human factor GitHub archives are automatic, based on git-archive(1). In order to compromise them one has to force push or update tag(s). Changing manual releases is less noticible because those are not guaranteed to match whatever is in the repo and are not part of the distributited nature of Git. > what about trust on github not screwing the generated archives then ? I think it'd be rare due to affecting many repos. GitHub being down happens more often but using manual releases won't help avoid being affected. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-249554-7141-cmZ1FK6UDF>