[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Mutable Git tags & Software Heritage
|
From: |
Ludovic Courtès |
|
Subject: |
Mutable Git tags & Software Heritage |
|
Date: |
Fri, 29 Oct 2021 16:12:38 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
zimoun <zimon.toutoune@gmail.com> skribis:
> On Thu, 21 Oct 2021 at 22:47, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> ‘guix lint -c archival’ uses ‘lookup-origin-revision’, which is a good
>> approximation, but it’s not 100% reliable because tags can be modified
>> and that procedure only tells you that a same-named tag was found, not
>> that it’s the commit you were expecting. (And really, we should stop
>> referring to tags.)
>
> At package time, Guix uses tag. Then “guix lint” saves the upstream
> repo; containing the correct tag. Now, upstream replaces in-place the
> tag and saves to SWH by their own. How does SWH deal with this case?
SWH records the “history of the history”. It can tell you what the tag
pointed to at the time of a specific snapshot.
However our fallback code picks the tag as it exists in the latest
snapshot, and thus it could pick “the wrong one” if the tag was modified
over time.
> Well, because it is not affordable to switch from the current
> tag-address to immutable commit-address for defining packages, in order
> to be 100% reliable, any fallback should use Disarchive-DB which stores
> the mapping from checksum to swhid; for all kind origins.
>
> Is it what you have in mind?
No, I think we should consider always referring to commits instead of
tags. It’s annoying from a readability viewpoint, but it would ensure
reproducibility. Even flatpak has this policy. :-)
https://github.com/flathub/flathub/wiki/App-Requirements
Ludo’.