Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102454
Return-Path: <johannes@schlueters.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 99600 invoked from network); 26 Jun 2018 14:37:33 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 26 Jun 2018 14:37:33 -0000
Authentication-Results: pb1.pair.com smtp.mail=johannes@schlueters.de; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=johannes@schlueters.de; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain schlueters.de from 84.19.169.162 cause and error)
X-PHP-List-Original-Sender: johannes@schlueters.de
X-Host-Fingerprint: 84.19.169.162 mail.experimentalworks.net  
Received: from [84.19.169.162] ([84.19.169.162:43014] helo=mail.experimentalworks.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6B/05-50433-BAF423B5 for <internals@lists.php.net>; Tue, 26 Jun 2018 10:37:32 -0400
Received: from kuechenschabe.fritz.box (ppp-188-174-124-228.dynamic.mnet-online.de [188.174.124.228])
	by mail.experimentalworks.net (Postfix) with ESMTPSA id 2298640ED6;
	Tue, 26 Jun 2018 16:37:28 +0200 (CEST)
Message-ID: <1530023847.4441.22.camel@schlueters.de>
To: Alice Wonder <alice@librelamp.com>, internals@lists.php.net
Date: Tue, 26 Jun 2018 16:37:27 +0200
In-Reply-To: <c0642c64-8a20-9024-50aa-60dbaec08e30@librelamp.com>
References: 
	<DM5PR0201MB354280334D34629059189156AC4A0@DM5PR0201MB3542.namprd02.prod.outlook.com>
	 <1529936020.4441.10.camel@schlueters.de>
	 <c0642c64-8a20-9024-50aa-60dbaec08e30@librelamp.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] PHP 2^3
From: johannes@schlueters.de (Johannes =?ISO-8859-1?Q?Schl=FCter?=)

On Mo, 2018-06-25 at 16:14 -0700, Alice Wonder wrote:
> As a packager github is a fracking nightmare.
> 
> Frequently what we do is include a hash of the release tarball in our
> build and require that it matches so that people rebuilding our
> package (e.g. to add a patch they need) don't have to trust us, they
> can use our build spec file but fetch the upstream source themselves,
> and the hash matches lets them know that what they fetched from
> upstream is identical  to what the initial packager used.
> 
> But with github getting the url to the actual download is tricky and 
> often breaks and also I've seen the hash from the release tarball on 
> github differ from the hash the release tarball on the project site 
> numerous times.

Well, with git the url is repository URL+hash. A tarball not
necessarily bring rebuildability. I have seen different projects
replacing tarballs without changing version numbers etc.

Anyways those are details to be discussed outside this specific thread.

My point is that PECL is in a bad state from usability, both for
extension authors as well as users and I think a "PHP 8" headline might
be a good time to redefine this. But this needs work (and I also
directly say that I can't promise much time myself) so if others share
the pain and want to solve/improve this, I'd be happy to help
coordinating this.

johannes