Reproducible tarballs on Github?
David A. Wheeler
dwheeler at dwheeler.com
Sun Oct 24 01:41:28 UTC 2021
> On Oct 23, 2021, at 3:23 PM, Arthur Gautier <baloo at superbaloo.net> wrote:
>
> I would expect Github to use the tar implementation of git-archive (or
> libgit2). git-archive is specifically designed to be reproducible.
I don’t know if it does, but that does seem likely.
> All I'm suggesting is to checksum the inflated version of the archive
> and not the compressed one.
Checksumming the inflated version makes sense to me, so that improved/varying
compression doesn’t matter (since it produces the same result).
Sounds like maybe GitHub doesn’t need to change anything.
If someone thinks GitHub *does* need to change something, I’d like to know
exactly what practical change is desired.
--- David A. Wheeler
More information about the rb-general
mailing list