Opened 7 years ago
Closed 7 years ago
#10409 closed enhancement (fixed)
libuv-1.19.2
| Reported by: | Owned by: | thomas | |
|---|---|---|---|
| Priority: | normal | Milestone: | 8.3 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New poiint version.
Change History (7)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
It's a github trick. You can download any archive specified like
https://github.com/libuv/libuv/archive/v1.19.2.tar.gz
As
https://github.com/libuv/libuv/archive/v1.19.2/fooobarbaz.tar.gz (and change foobarbaz to whatever)
comment:3 by , 7 years ago
The files are also at https://dist.libuv.org/dist/v1.19.2/libuv-v1.19.2.tar.gz
follow-up: 6 comment:4 by , 7 years ago
how to find out where the real source is?
https://dist.libuv.org/dist/v1.19.2/libuv-v1.19.2.tar.gz differs from https://github.com/libuv/libuv/archive/v1.19.2.tar.gz, the first tarred a directory named libuv-v1.19.2, the seconds one is libuv-1.19.2 and therefore, the md5sums does not match at all. I personally more and more untrust all that github projects.
If ok so far, i'd like to use the dist.libuv.org archive or is there a guideline to prefer github? I'd than use that of course.
Btw, there was a typo in my URLs (1.9.2 instead of 1.19.2) but the resst of the issues remains.
comment:5 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:6 by , 7 years ago
Replying to thomas:
how to find out where the real source is?
Use "git clone", then "git checkout <tag>": that is the real source. Other things are packages or releases...
https://dist.libuv.org/dist/v1.19.2/libuv-v1.19.2.tar.gz differs from https://github.com/libuv/libuv/archive/v1.19.2.tar.gz, the first tarred a directory named
libuv-v1.19.2, the seconds one islibuv-1.19.2and therefore, the md5sums does not match at all. I personally more and more untrust all that github projects.
Well, I do not see what is less trustable on github than on any other site :)
Upstream packaging is faulty when you cannot find a md5sum (or shaxsum) or pgp signature. But this is not github's fault (sometimes there are signature or hash on the "release" pages on github). There is a signature on dist.libuv.org...
See also https://github.com/libuv/libuv/tree/master
If ok so far, i'd like to use the
dist.libuv.orgarchive or is there a guideline to prefer github? I'd than use that of course.
One cannot tell at first: it depends on how reliable the server is. In this case, I'd be inclined to go to dist.libuv.org
Btw, there was a typo in my URLs (1.9.2 instead of 1.19.2) but the resst of the issues remains.
Normally, Armin's trick should work too. But as said above, it seems better to use dist.libuv.org
Grrr, I hate that github stuff.
There is no https://github.com/libuv/libuv/archive/v1.9.2/libuv-1.9.2.tar.gz but a https://github.com/libuv/libuv/archive/v1.19.2.tar.gz can be found under "Releases".
Why the hell are they not able to use the "usual" naming convention <pkgname>-<pkgversion>.tar.xz?
Or is it a PEBKAC on my side?