Interesting. I'm using them in most of my PKGBUILDs together with once-recoreded SHA256 checksums, and I haven't noticed any reproducibility issues yet.
Cloning a repo is more intensive on Github's infrastructure then grabbing a zip file or tarball and pushing it into an object store with heavy caching in front of it. There was an open source project that was using excessive resources within Github's infrastructure by using git clone to update itself over a large audience.
I've been using https://github.com/webpro/release-it to automate releases. It requires your github key and for somereason my github key doesnt persist thru sessions but it works.
8 comments
[ 573 ms ] story [ 984 ms ] threadhttps://lists.gnu.org/archive/html/bug-guix/2017-10/msg00070...
Of course, you can just clone the git repo.
Isn't that a deterministic process? I thought if you zipped the same directory twice, you'd get exactly the same bits in the two archives.
Cloning a repo is more intensive on Github's infrastructure then grabbing a zip file or tarball and pushing it into an object store with heavy caching in front of it. There was an open source project that was using excessive resources within Github's infrastructure by using git clone to update itself over a large audience.
https://news.ycombinator.com/item?id=11245652
https://github.com/CocoaPods/CocoaPods/issues/4989#issuecomm...