GNU bug report logs - #44863
Warning about importing a MELPA package

Previous Next

Package: guix;

Reported by: Zhu Zihao <all_but_last <at> 163.com>

Date: Wed, 25 Nov 2020 09:58:01 UTC

Severity: normal

To reply to this bug, email your comments to 44863 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#44863; Package guix. (Wed, 25 Nov 2020 09:58:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Zhu Zihao <all_but_last <at> 163.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 25 Nov 2020 09:58:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Zhu Zihao <all_but_last <at> 163.com>
To: bug-guix <at> gnu.org
Subject: Warning about importing a MELPA package
Date: Wed, 25 Nov 2020 17:57:08 +0800

[Message part 1 (text/plain, inline)]
ELPA importer supports MELPA[1] currently. But MELPA is a rolling
archive, which does not persist any old version tarball of
package, and harmful for reproducible build.

It's still useful for Guix packager to import package from MELPA to
draft a sketch of Emacs package, but it's not a reliable download
service. We may better warn user don't submit package which download url
belongs to MELPA. Maybe emit warning while executing `guix import elpa -a
melpa XXX`, or writing this rule to manual.

[1]: the stable archive is "MELPA stable", I use term "MELPA" to refer
to the unstable one.

-- 
Retrieve my PGP public key: https://meta.sr.ht/~citreu.pgp

Zihao

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#44863; Package guix. (Mon, 07 Dec 2020 09:18:01 GMT) Full text and rfc822 format available.

Message #8 received at 44863 <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: Zhu Zihao <all_but_last <at> 163.com>
Cc: 44863 <at> debbugs.gnu.org
Subject: Re: bug#44863: Warning about importing a MELPA package
Date: Mon, 07 Dec 2020 20:17:26 +1100

On Wed, Nov 25 2020, Zhu Zihao wrote:
> ... We may better warn user don't submit package which download 
> url belongs to MELPA. Maybe emit warning while executing `guix 
> import elpa -a melpa XXX`, or writing this rule to manual.

I submitted a patch a while ago to make the MELPA importer pull 
the latest git commit (at the time of import) and use that as the 
source. The importer has to do a bit more work (eg. appropriately 
setting #:files in the Guix package).

You can find my patch at https://issues.guix.gnu.org/issue/38769 
but unfortunately it no longer applies cleanly to master. I'll 
take a look at fixing it up.
Information forwarded to bug-guix <at> gnu.org:
bug#44863; Package guix. (Mon, 07 Dec 2020 09:55:02 GMT) Full text and rfc822 format available.

Message #11 received at 44863 <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
Cc: Zhu Zihao <all_but_last <at> 163.com>, 44863 <at> debbugs.gnu.org
Subject: Re: bug#44863: Warning about importing a MELPA package
Date: Mon, 07 Dec 2020 20:54:46 +1100

On Mon, Dec 07 2020, Carlo Zancanaro wrote:
> ... unfortunately it no longer applies cleanly to master.

Actually, I think I was wrong about this. I must have done 
something wrong when I tried to apply the patch before sending my 
email. When I tried again it worked, and it seems to be fetching 
the git references properly.
This bug report was last modified 3 years and 133 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.