Does Forgejo produce reproducible archives for Git repositories? #1325

Open
opened 2023-10-28 19:35:13 +00:00 by arcctgx · 1 comment

Comment

Similar to GitHub, Codeberg allows downloading source code archives using URLs such as:

https://codeberg.org/<OWNER>/<PROJECT>/archive/<TAG>.tar.gz

These archives are created on the fly when they're requested. Some time ago GitHub introduced a change on their end which caused archives created in this way to have different checksums than they were before. This caused widespread problems, and GitHub reverted the change [1].

My question is: what is Codeberg policy regarding archives created in this way? Are they guaranteed to be stable, i.e. can I be sure their checksums will never change, unlike GitHub?

[1] https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/

### Comment Similar to GitHub, Codeberg allows downloading source code archives using URLs such as: `https://codeberg.org/<OWNER>/<PROJECT>/archive/<TAG>.tar.gz` These archives are created on the fly when they're requested. Some time ago GitHub introduced a change on their end which caused archives created in this way to have different checksums than they were before. This caused widespread problems, and GitHub reverted the change [1]. My question is: what is Codeberg policy regarding archives created in this way? Are they guaranteed to be stable, i.e. can I be sure their checksums will never change, unlike GitHub? [1] https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/

My question is: what is Codeberg policy regarding archives created in this way? Are they guaranteed to be stable, i.e. can I be sure their checksums will never change, unlike GitHub?

I think this would be a question for Forgejo/Gitea rather than Codeberg itself, since Codeberg depends upon Forgejo (and Forgejo from Gitea).

> My question is: what is Codeberg policy regarding archives created in this way? Are they guaranteed to be stable, i.e. can I be sure their checksums will never change, unlike GitHub? I think this would be a question for Forgejo/Gitea rather than Codeberg itself, since Codeberg depends upon Forgejo (and Forgejo from Gitea).
n0toose added the
s/Gitea/Forgejo
question
labels 2023-11-10 13:04:20 +00:00
n0toose changed title from What is Codeberg policy regarding git archive stability? to Does Forgejo produce reproducible archives for Git repositories? 2023-11-10 13:04:36 +00:00
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Codeberg/Community#1325
There is no content yet.