[lunar] lget should verify the downloads (#19)
v4hn
v4hn at lunar-linux.org
Sat Aug 11 23:17:40 CEST 2012
Hey everyone,
On Sat, Aug 11, 2012 at 12:54:40PM -0500, Terry Chan wrote:
> I'm NOT in favor of this change. As I recall the original reason for
> having the lget command (and it's no verification of sources) was to
> facilitate devs downloading sources. We obviously download sources
> for testing purposes and module upgrades where the sha1sum is NOT
> known ahead of time. So the workflow is lget new_module_source,
> sha1sum new_module_source, edit DETAILS file with new sha1sum. lget
> verifying sha1sum breaks this workflow.
I understand your reasoning and I use that same workflow
mostly (though it makes sense to check for checksums on the projects
webpages if available).
Nevertheless, I would like to see lget at least optionally
verify downloads for two major reasons:
1. It makes sense to do that. If I got two minutes to load sources
and afterwards 5 hours without network connection, then I want to be able
to compile all modules in those 5 hours. This is not always possible
if the download does't tell me that one of the files is broken.
At the moment, the only way I can be sure the files are fine is by
running `lsh verify_all_sources $MODULE` for each module.
2. If SOURCE_VFY moves to lget we could without any problem write
a SOURCE_VFY plugin/rewrite the sha1 plugin and make it spit out the
new checksum if the old is empty or wrong. So the workflow you describe
would be even more easy with this change imo.
Well, I'm fine with it if you like to keep SOURCE_VFY in lin.
But then please add a command line switch to make lget verify the checksums.
v4hn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://foo-projects.org/pipermail/lunar/attachments/20120811/4b8b88bf/attachment.bin>
More information about the Lunar
mailing list