On Mon, Sep 8, 2014 at 2:59 AM, Ulrich Mueller <u...@gentoo.org> wrote: > > What is the problem with making snapshot of some git commit and > placing it on mirrors? >
To be clear, there isn't one. The more typical approach for fixes is to use the upstream main release tarball and continue to provide patches against it that track the backport branch. But, if you wanted to snapshot the whole commit the most trivial way to do it is just mirror the upstream branch to github and tag it to generate tarballs. Just updating a commit reference in an ebuild would be more convenient though. I don't disagree that SHA1 is less secure, and that we'd lose mirroring. I figured I'd see which way the winds seem to be blowing - it isn't a big deal... -- Rich
