Source URL guidelines (was Re: source file audit - 2009-02-15)
Tom Lane
tgl at redhat.com
Sun Feb 22 15:50:06 UTC 2009
Ralf Corsepius <rc040203 at freenet.de> writes:
> Tom Lane wrote:
>> I don't know what an appropriate set of rules is, but I wish that the
>> Source-URL packaging guidelines bore some resemblance to the real world
>> of modern web design. (Or misdesign, perhaps, but that's what's out
>> there.) The special exception for sourceforge needs to be replaced
>> with some more general discussion of what to do with bizarre website
>> layouts.
> The whole point behind Source-URL rules is to have a reliable,
> deterministic URL from which a package can be retrieved from for e.g.
You seem to have missed my point, which is that that "whole point" is
an academic abstraction that doesn't always match up to the real world
very well. And the current guidelines fail miserably at helping a
packager decide how to cope with the cases where the abstraction doesn't
match reality.
I'm not eager to extrapolate my own limited experience into a general
rule, but the impression I have is that on most upstream sites there is
a pretty static URL for a "download page" that will tell you what's the
current release version, and from there you can get to the actual
downloadable tarball in a click or three. The tarball itself has a
much less deterministic URL, because of things like mirroring schemes.
(I suppose webmasters are more concerned about bandwidth for big data
files than for http pages, and they do realize that people are likely
to bookmark download pages.)
In my opinion it is important to record the download-page URL in the
specfile, not only because of the problem of checking for update
versions but also because that's where you need to go if you want to get
the upstream package md5sum or GPG signature or whatever. AFAICS the
URL: tag is not the right place --- URL is generally meant to be the
project homepage, no? In simple cases the download page is the
Source-URL minus the last component, but I would like to have a
standardized convention for recording it when it's not that.
If we start having automatic enforcement of Source-URL then I'm going
to be reduced to something like
# Get this from http://dev.mysql.com/downloads/mysql/5.1.html
Source0: mysql-%{version}.tar.gz
which isn't an improvement by any measure, especially if it's not a
recognized convention.
regards, tom lane
More information about the fedora-devel-list
mailing list