On Tue, Apr 8, 2008 at 10:07 AM, Hyrum K. Wright
<hyrum_wright_at_mail.utexas.edu> wrote:
>
> Karl Fogel wrote:
>
> > "Ben Collins-Sussman" <sussman_at_red-bean.com> writes:
> >
> > > Hold on, I think Mark and Peter are both correct.
> > >
> > > Mark is right in that we've made a policy change: we now distribute a
> > > deps tarball only for *convenience*, so that people who really want to
> > > bother to build subversion (and it's billion of dependencies) have a
> > > lower barrier to entry. Mark is right that 99.9% of all users will be
> > > using binary distributions anyway, and the 0.1% of people who build
> > > Subversion will probably be distro maintainers and understand the
> > > compatibility issues around svn's dependencies.
> > >
> > > However, Peter is also correct in that we've not changed our docs or
> > > behaviors to reflect this new policy. Our INSTALL doc still talks
> > > about the deps tarball as if it were some official thing that
> > > guarantees our ABI compatibility promise, and our release process
> > > still involves signing deps tarballs, as if they were sacred. We need
> > > to change these things to match the new reality, and do a better job
> > > of advertising the new policy.
> > >
> > > Rather than fighting about this, here's 3 simple action items:
> > >
> > > 1. Fix the INSTALL docs
> > > 2. Stop signing deps tarballs
> > > 3. Put clear docs surrounding the deps-download that make it clear
> > > that the deps are for *convenience* only... and perhaps include a link
> > > to some doc explaining the APR ABI issue.
> > >
> >
> > *Smooooooch*.
> >
> > (This must be why they pay Ben the big bucks.)
> >
> > I've attempted step (1) in r30436, but welcome further tweaks of course.
> > Step (2) is something we all do, and I'll try step (3) later tonight if
> > no one beats me to it.
> >
>
> Actually, the deps tarballs are already signed much less frequently than
> the source tarballs. (2) wouldn't be a very large deviation from current
> behavior.
If we're still officially publishing deps tarballs, we really ought to
at least have one non-RM signature to guard against publishing
something entirely broken.
--dave
--
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-08 19:09:26 CEST