Hello Assaf, > >> I wonder how users of these tarballs would be able to identify > >> snapshots if there is no version information. > > > > I find that for CI tarballs a > > stable URL is the more important feature. > > > > Somewhat related: > > If you're posting the tarballs to ftp.gnu.org or alpha.gnu.org , > the upload script (build-aux/gnupload) can create symlinks, > and even provide examples of symlinking a "-latest.tar.gz" to a > versioned one: > ---- > $ gnupload --help > [...] > 4. Create a symbolic link foobar-latest.tar.gz -> foobar-1.0.tar.gz > and likewise for the corresponding .sig file: > gnupload --to ftp.gnu.org:foobar \ > --symlink foobar-1.0.tar.gz foobar-latest.tar.gz \ > foobar-1.0.tar.gz.sig foobar-latest.tar.gz.sig > ---- > > Would that help with a stable URL for testing?
Yes, symlinks like this solve the problem. However, the continuous integration happens on non-GNU machines, and I'm not sure I would want to upload the secret part of my (or anyone else's) GPG key to a cloud platform, for security reasons. It could/would compromise the trust people have in the gnu-keyring.gpg. Bruno
