[mythtv] Found a severe decoding bug in mythffplay
Craig Treleaven
ctreleaven at cogeco.ca
Thu May 10 18:36:15 UTC 2012
At 4:19 PM -0400 5/6/12, Raymond Wagner wrote:
>On 5/6/2012 15:59, Craig Treleaven wrote:
>>At 1:42 AM -0400 5/5/12, Michael T. Dean wrote:
>>>Yeah, I don't think it's worth doing nightly tarballs or anything.
>>>
>>>Then again, I'd love to just remove the tarballs from our website and
>>>let users/packagers either clone the repo with git or use github
>>>tarball links.
>>>
>>
>>Mike, I was looking at packaging Myth for OS X via MacPorts. The folks
>>there are strongly biased against pulling from version control systems
>>because:
>>-security. Verifying checksums on a tarball gives quite strong
>>assurance that no malicious changes have been introduced since the
>>packager looked at it.
>>-repeatability. More chance that the user's install will succeed and
>>function as intended.
>>-availability. Tarballs can be mirrored on their site to increase
>>availability (and a recent email from Stuart Morgan indicates this is a
>>non-trivial problem with GitHub).
>
>So I still don't see how the Github tarball links fail to meet any
>of those requirements. In case you're unaware, you can pull a
>tarball for any SHA1 hash, and not simply tags and branch heads.
>While the tarballs are only cached by Github for a brief period, and
>auto-generated otherwise, their checksums are consistent.

Sorry for being dense but how do I go about pulling a tarball for a
specific commit hash? I downloaded a zipball of the latest fixes and
the link was:

https://nodeload.github.com/MythTV/mythtv/zipball/fixes/0.25

This got me MythTV-mythtv-v0.25-84-g9ccfac1.zip

How can I fetch this again (say with curl)?

Craig
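
Added example, not part of the original message and not MythTV or MacPorts code: a sketch of the packager workflow discussed in this thread, which reads the commit id out of the git-describe style archive name, builds a per-commit archive URL, and accepts the download only if it matches a recorded SHA-256. The function names and the `github.com/OWNER/REPO/zipball/COMMIT` URL form (modelled on the link quoted above) are assumptions.

```shell
#!/bin/sh
# Added example: pin a GitHub archive to one commit and check it against a
# SHA-256 recorded when the packager reviewed it.

# Pull the abbreviated commit id out of a git-describe style archive name,
# e.g. MythTV-mythtv-v0.25-84-g9ccfac1.zip -> 9ccfac1 (empty if none).
commit_from_name() {
    printf '%s\n' "$1" | sed -n 's/.*-g\([0-9a-f]\{7,40\}\)\.[a-z.]*$/\1/p'
}

# ASSUMPTION: URL form modelled on the zipball link in the message, with the
# branch name replaced by a commit id and github.com as the host.
# Abbreviated ids can become ambiguous; prefer the full 40-character id.
archive_url() {   # usage: archive_url OWNER/REPO COMMIT [zipball|tarball]
    printf 'https://github.com/%s/%s/%s\n' "$1" "${3:-zipball}" "$2"
}

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if FILE hashes to the pinned value.
verify_pinned() {   # usage: verify_pinned FILE EXPECTED_SHA256
    actual=$(sha256_of "$1") || return 2
    [ "$actual" = "$2" ] && return 0
    echo "checksum mismatch for $1: got $actual, want $2" >&2
    return 1
}

# Download the archive for one commit; delete it if the checksum differs.
fetch_pinned() {    # usage: fetch_pinned OWNER/REPO COMMIT SHA256 OUTFILE
    curl -fsSL -o "$4" "$(archive_url "$1" "$2")" || return 2
    verify_pinned "$4" "$3" || { rm -f "$4"; return 1; }
}
```

The checksum passed to `fetch_pinned` is the one recorded when the archive was first reviewed; a mismatch on a later fetch means the bytes differ from what was reviewed, whatever the cause.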