2013/2/20 Rich Freeman <ri...@gentoo.org>: > There is a current QA policy that anything using an scm to download > sources cannot be stabilized, because there is no way to verify the > manifest. > > I'm actually wondering if that makes sense with git when a specific > commit is referenced, since everything is content-hashed anyway. > Perhaps we just need to confirm that git actually checks the hash. >
If you checkout some revision or tag just create the darn tarball yourself as it is much cleaner solution and you don't force user to install git or other scm tools unless they need them.
