Gregory's ServerI think there's also something to be said for the release tarballs being reproducible, since we have git there's not much reason not to. Some release processes have codegen and cleanup steps involved before the release tarball is cut from git, but those can be made deterministic and verifiable
|
11 comments
Janne Moren
@drewdevault We download maintainer-supplied tarballs of releases if available. If not, we clone the repo and check out the tag or commit corresponding to the release, then build from that. 
Drew DeVault
Though we would definitely be cool with it if you took this opportunity to deprecate autotools everywhere so we never have to work with it again!
Drew DeVault
@rincewind depends on your needs but I might suggest that https://muon.build is the most general
rincewind
@drewdevault well, in my case that would monitoring-plugins.org which relies heavily on several different libs and command line utilities. 
Drew DeVault
@bayindirh incredibly complex and obtuse and poorly designed and solves problems that we mostly don't have and those that we do have other tools solve much better 
hexaheximal
@drewdevault The disappointing truth is that while autotools *is* bad, the modern alternatives are far worse. (e.g. CMake) 
mort
@drewdevault Considering autotools changes aren't backwards compatible, this sounds like hell tbh >_> you'd need many versions of autotools and be able to select between them based on which version range each project's configure.ac/Makefile.am file works with Alternatively, GNU could just take their bloody role as core infrastructure maintainer seriously and stop breaking stuff all the time, but I don't see that happening any time soon |
I'll add that, on behalf of distro maintainers everywhere, we don't really mind running autoreconf or whatever against a raw tarball fetched from a git tag, as it were, and dealing with these codegen/release prep bits ourselves as a part of the package building process.
Perhaps we should be fetching git tarballs and doing this work ourselves unilaterally rather than relying on upstream-prepared release tarballs anyway? The target audience for those is the casual/ad-hoc builds anyway.