Tracing where build time is spent

Eike Rathke erack at redhat.com
Tue Feb 18 22:52:03 UTC 2020


Hi,

On Monday, 2020-02-17 19:06:23 +0100, Luboš Luňák wrote:

>  And is there any worthwhile gain in insisting on using upstream tarballs? 

Reliable checksums and reproducible packaging.

A responsible developer introducing a new tarball on the download server
a) checks it against the official checksum after download
b) creates the SHA256SUM of the file to use in download.lst

Any repacking invalidates that, specifically on a developer's machine
could introduce omissions or additions.

  Eike

-- 
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918  630B 6A6C D5B7 6563 2D3A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20200218/17208366/attachment.sig>


More information about the LibreOffice mailing list