From 9474cc2594c8643301164500ce6eb62546da2b8f Mon Sep 17 00:00:00 2001
From: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Date: Sun, 3 May 2015 17:37:40 +0200
Subject: manual: Add notes about GitHub and hashes

We can't take hashes from GitHub, unless the tarball has been uploaded by
the maintainer, otherwise it is generated and may change over time,
which renders hash files useless.

[Peter: slightly reword]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 docs/manual/adding-packages-directory.txt | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'docs')

diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt
index 6c478c2fd..3d0982fee 100644
--- a/docs/manual/adding-packages-directory.txt
+++ b/docs/manual/adding-packages-directory.txt
@@ -441,6 +441,13 @@ provide any hash, or only provides an +md5+ hash, then compute at least one
 strong hash yourself (preferably +sha256+, but not +md5+), and mention
 this in a comment line above the hashes.
 
+.Note
+If +libfoo+ is from GitHub (see xref:github-download-url[] for details), we
+can only accept a +.hash+ file if the package is a released (e.g. uploaded
+by the maintainer) tarball. Otherwise, the automatically generated tarball
+may change over time, and thus its hashes may be different each time it is
+downloaded, causing a +.hash+ mismatch for that tarball.
+
 .Note
 The number of spaces does not matter, so one can use spaces (or tabs) to
 properly align the different fields.
-- 
cgit v1.2.3