Skip to content
This repository has been archived by the owner on May 4, 2021. It is now read-only.

Ticket29294 #332

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Ticket29294 #332

wants to merge 10 commits into from

Conversation

juga0
Copy link
Contributor

@juga0 juga0 commented Feb 6, 2019

No description provided.

@juga0
new: Add gitchangelog configuration file
52b8404
@juga0
new: Add gitchangelog template
269c99b
@juga0
new: Convert changelog to rst
2a7e672 
Leave CHANGELOG.md until there's an actual new release, in case
the unreleased changes are lost.
Once CHANGELOG.md is removed, update the symlinks.
@juga0
new: scripts: Add script to help new releases.
0f7fc57
@juga0
new: docs: Include script on how to release
5046e2f
teor2345
teor2345 suggested changes Feb 25, 2019
View reviewed changes
Copy link
Contributor

@teor2345 teor2345 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most of these changes look ok: I didn't check them in detail.

I have questions about scripts/maint/release.py .

scripts/maint/release.py Outdated Show resolved Hide resolved
CONTRIBUTING.rst Show resolved Hide resolved
teor2345
teor2345 reviewed Mar 9, 2019
View reviewed changes
scripts/maint/release.py Outdated Show resolved Hide resolved
teor2345
teor2345 reviewed Mar 9, 2019
View reviewed changes
scripts/maint/release.py Outdated Show resolved Hide resolved
teor2345
teor2345 reviewed Mar 11, 2019
View reviewed changes
scripts/maint/release.py
print("Obtaining Github tarball...")
# This will overwrite local tarball, but that's fine since the hash file
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overwriting the local tarball is only fine if the user reads the output of the script, and notices when the GitHub tarball is different. Please put the tarballs in separate files.

teor2345
teor2345 reviewed Mar 11, 2019
View reviewed changes
scripts/maint/release.py
)

print("Verifying Github tarball and local one are the same...")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand why we do a sha256 check, rather than a file diff check.
In fact, I'm not sure why we do this check at all?
Please add a comment explaining why it is important that GitHub matches our local tarball.

Are tarballs reproducible?
What happens if the tarballs are different?
Can they be different on different OSes?
Does GitHub guarantee that their tarballs are created with particular git and tar versions on a particular OS?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@teor2345 teor2345 teor2345 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@juga0 @teor2345