On Thu, Oct 08, 2009 at 02:05:39AM -0700, Bert Huijben wrote:
> Author: rhuijben
> Date: Thu Oct 8 02:05:39 2009
> New Revision: 39861
> * www/hacking.html
> (signing): Replace a hack that depends on the exact output of your
> gzip version, with a safer way to compare the tarbals.
> The previous version assumed all gzip programs give the exact
> same compression output when passing -9. But there are gzip versions
> with a slightly better or worse compression out there.
> Modified: trunk/www/hacking.html
> URL: http://svn.collab.net/viewvc/svn/trunk/www/hacking.html?pathrev=39861&r1=39860&r2=39861
> --- trunk/www/hacking.html Thu Oct 8 01:11:44 2009 (r39860)
> +++ trunk/www/hacking.html Thu Oct 8 02:05:39 2009 (r39861)
> @@ -3181,19 +3181,17 @@ to the announcement of the unofficial ta
> <p>If you've downloaded and tested a <tt>.tar.bz2</tt> file, it is possible to
> sign a <tt>.tar.gz</tt> file with the same contents without having
> -to download and test it separately. The trick is to extract the
> -<tt>.bz2</tt> file, and pack it using <tt>gzip</tt> like this:</p>
> +to download and test it separately. The trick is to extract the .gz and .bz2
> +files to remove the compression and then to compare these files like this:</p>
> - bzip2 -cd subversion-1.3.0-rc4.tar.bz2 \
> - | gzip -9n > subversion-1.3.0-rc4.tar.gz
> + bzcat subversion-1.6.5.tar.bz2 > svn-bz2.tar
> + gzcat subversion-1.6.5.tar.gz > svn-gz.tar
The point of this hack was that people didn't have to download
both the .tar.gz and .tar.bz2 files.
> -<p>The resulting file should be identical to the file generated by the
> -release manager, and thus can be signed as described above.
> -To verify that the files are identical, you may use either the MD5 checksums
> -or the release manager's signature, both of which should be provided with the
> +<p>The resulting output from the two commands should be identical to the file
> +generated by the release manager before packaging, and thus the two files can
> +be signed as described above.
Aren't we supposed to sign the compressed tarballs?
I'd say let's just remove this section from HACKING.
Received on 2009-10-08 13:22:03 CEST