[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r39861 - trunk/www

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 8 Oct 2009 12:21:45 +0100

On Thu, Oct 08, 2009 at 02:05:39AM -0700, Bert Huijben wrote:
> Author: rhuijben
> Date: Thu Oct 8 02:05:39 2009
> New Revision: 39861
>
> Log:
> * www/hacking.html
> (signing): Replace a hack that depends on the exact output of your
> gzip version, with a safer way to compare the tarbals.
>
> The previous version assumed all gzip programs give the exact
> same compression output when passing -9. But there are gzip versions
> with a slightly better or worse compression out there.
>
> Modified:
> trunk/www/hacking.html
>
> Modified: trunk/www/hacking.html
> URL: http://svn.collab.net/viewvc/svn/trunk/www/hacking.html?pathrev=39861&r1=39860&r2=39861
> ==============================================================================
> --- trunk/www/hacking.html Thu Oct 8 01:11:44 2009 (r39860)
> +++ trunk/www/hacking.html Thu Oct 8 02:05:39 2009 (r39861)
> @@ -3181,19 +3181,17 @@ to the announcement of the unofficial ta
>
> <p>If you've downloaded and tested a <tt>.tar.bz2</tt> file, it is possible to
> sign a <tt>.tar.gz</tt> file with the same contents without having
> -to download and test it separately. The trick is to extract the
> -<tt>.bz2</tt> file, and pack it using <tt>gzip</tt> like this:</p>
> +to download and test it separately. The trick is to extract the .gz and .bz2
> +files to remove the compression and then to compare these files like this:</p>
>
> <pre>
> - bzip2 -cd subversion-1.3.0-rc4.tar.bz2 \
> - | gzip -9n &gt; subversion-1.3.0-rc4.tar.gz
> + bzcat subversion-1.6.5.tar.bz2 > svn-bz2.tar
> + gzcat subversion-1.6.5.tar.gz > svn-gz.tar
> </pre>
>

The point of this hack was that people didn't have to download
both the .tar.gz and .tar.bz2 files.

> -<p>The resulting file should be identical to the file generated by the
> -release manager, and thus can be signed as described above.
> -To verify that the files are identical, you may use either the MD5 checksums
> -or the release manager's signature, both of which should be provided with the
> -tarballs.
> +<p>The resulting output from the two commands should be identical to the file
> +generated by the release manager before packaging, and thus the two files can
> +be signed as described above.
> </p>

Aren't we supposed to sign the compressed tarballs?

I'd say let's just remove this section from HACKING.

Stefan

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2404916
Received on 2009-10-08 13:22:03 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.