On Tuesday 18 of February 2020, Eike Rathke wrote: > Hi, > > On Monday, 2020-02-17 19:06:23 +0100, Luboš Luňák wrote: > > And is there any worthwhile gain in insisting on using upstream > > tarballs? > > Reliable checksums and reproducible packaging. > > A responsible developer introducing a new tarball on the download server > a) checks it against the official checksum after download > b) creates the SHA256SUM of the file to use in download.lst > > Any repacking invalidates that, specifically on a developer's machine > could introduce omissions or additions.
That is the theory, but the reality is that we already do have some tarballs that do not have any matching upstream tarballs (e.g. because do not exist), so I think that point is moot. -- Luboš Luňák l.lu...@collabora.com _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice
