Leo Famulari <l...@famulari.name> skribis: > On Wed, Aug 17, 2016 at 09:20:42PM +0200, David Craven wrote: >> Oh, that's embarrassing. I must have forgotten to change the hash and >> guix cached the tarball. Is that possible? > > If the hash is matched in the store, the URL is not used, so you won't > see an incorrect URL fail to match the hash. > > This is a common cause of buggy patches. > > I wonder, are there any drawbacks of making the linter check that the > URL provides the data named by the hash?
The rationale so far was that ‘guix lint foo’ should be fast (a couple of seconds at most), and ‘guix lint’ (all packages) should complete in less than a day. ;-) Thus, the ‘source’ and ‘home-page’ checks simply ensure that the URI points to something accessible instead of actually downloading the thing. This is fast and catches the most obvious errors, but has the drawback of not catching the right-URL-wrong-hash kind of errors. Ludo’.
