On Tue, Aug 02, 2016 at 10:41:09PM +0000, Timothy Gu wrote: > On Tue, Aug 2, 2016 at 3:10 PM Nicolas George <geo...@nsup.org> wrote: > > > Le sextidi 16 thermidor, an CCXXIV, Jan Ehrhardt a écrit : > > > Because it is faster to download a snapshot and extract it than > > > doing a git clone > > > > I suggest you consider doing a shallow clone (--depth 1). It should take > > roughly the same time as getting and unpacking a snapshot. IIRC, one of the > > minor perks of doing that is that the version script will give a more > > useful > > version tag. > > > > At least here, Git is still slower. In addition, https://git.ffmpeg.org > doesn't seem to support --depth. > > $ time curl https://www.ffmpeg.org/releases/ffmpeg-snapshot.tar.bz2 | tar > -jxf - > real 0m10.331s > user 0m2.272s > sys 0m0.312s > $ git clone --depth=1 https://git.ffmpeg.org/ffmpeg.git ffmpeg2 > Cloning into 'ffmpeg2'... > fatal: The remote end hung up unexpectedly > fatal: protocol error: bad pack header
this is due to git wanting to write temporary files into the repository which is not writable. Making it writable would be trivial and thats how linaro seems to have "fixed" it, but iam not sure thats a good idea security wise Updatng the git to something beyond whats available from the official ubuntu we use might fix this but then future security updates would become harder. (recent git is available at https://launchpad.net/~git-core/+archive/ubuntu/ppa so we would still have distro provided packages but security support would be an open question ...) so while all solutions are kind of not hard, iam a bit undecided what should be done about that [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Avoid a single point of failure, be that a person or equipment.
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
