patch links do not have stable checksums

ilove zfs ilovezfs at icloud.com
Sun Dec 4 09:45:04 CET 2016


I'm reporting this as a result of this issue https://github.com/Homebrew/homebrew-core/issues/5353 which was filed with Homebrew regarding cgit.



The cgit patch links do not have stable checksums because of the cgit version signature at the bottom of each patch.



For example, "cgit v1.1-3-g9641"



So whenever a cgit server upgrades its version of cgit the checksums of the contents of all patch links changes.



This compromises the usefulness of cgit patch links for anything other than casual, temporary use.



As a result of this behavior, Homebrew cannot use cgit patches in our patch blocks since each patch block has a url and a checksum, so every time the checksum changes due to the signature change, the patch block is invalidated, and someone must investigate why it changed and whether the content changed in any way other than the signature, and then update the checksum, and open a pull request, and go through CI, and have someone approve and merge the PR. This is a very wasteful use of the time of volunteers on an open source project.



To mitigate this situation, we end up having to vendor all cgit patches in our separate formula-patches repository, which would be entirely unnecessary if the checksums were stable. This is also a very wasteful use of time, but better than morphing checksums of content that's not actually changing.



It would be great if going forward the version signatures were removed from cgit patches so that there are persistent checksums for the patch files across cgit versions, and so that a change in the checksum actually means there was a real content change worth looking into.



Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20161204/15d870d5/attachment.html>


More information about the CGit mailing list