directory-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Developing free non-gnu operating systems

From: Matias Fonzo
Subject: Re: [GNU-linux-libre] Developing free non-gnu operating systems
Date: Fri, 08 Oct 2021 20:42:25 -0300
User-agent: Roundcube Webmail/1.4.11 
El 2021-10-06 16:55, Denis 'GNUtoo' Carikli escribió:

On Wed, 6 Oct 2021 17:12:38 +0300
Jean Louis <bugs@gnu.support> wrote:

I have not unpacked it to see and verify. That you say something is
possible, I know this, but I wish to see real world practical example
of compliance to GPLv2/v3.


This is a real world example, and the information that you are looking
for is in the two READMEs that are in the same directory, especially
README.source that has the following:

== How was this source tarball was made ==
The tarball was made with Guix[1], on an x86_64 computer with the
following commands:
    tar cf sz1lkq3ryr5iv6amy6f3d2pziks27g28-sources.tar \
        `guix time-machine \
            --branch=master \
            --commit=f9bd4621dd92a9415276706b476b9bd2973411fa -- \
            build \
                --sources=transitive \
                git-repo le-certs nss-certs git python-certifi`
    xz -9e --verbose sz1lkq3ryr5iv6amy6f3d2pziks27g28-sources.tar

Since there are only 4 files in that directory and that one is called
README.source.txt, it's really hard to miss it, so I assume your concern 
is probably that you want the READMEs to be included in the tarballs.

In that case, if you want to redistribute the *-sources.tar.xz (I
abbreviated the name for convenience), you can simply do it with:

tar cf replicant_repo_28-01-2021_sources.tar \
 sz1lkq3ryr5iv6amy6f3d2pziks27g28-sources.tar.xz \
 README.sources.txt


And redistribute the replicant_repo_28-01-2021_sources.tar tarball.

And inside that README.source.txt not only it explains that
*-sources.tar.xz is the complete and corresponding source code, but it
also says exactly which commands were used to make that source tarball.

So you can even reuse that information to get also do source code
releases yourself if you ever want to distribute binaries made with
Guix (which is what that information was meant for), or you could also
adapt it to get the source code of any package that can be installed
through Guix (which is what we are talking about here).

And the README.source.txt includes even information about
reproducibility and so on if you want to check the binary releases, and
the two READMEs are signed and contains instructions to verify the
two tarballs too, so it's hard to do it better.
Note, distributing under the xz format sucks![1]. Its competitor in quality offers not only a better license (adequate for free software projects), but is also better prepared for reproducibility[2]. 

[1] http://lzip.nongnu.org/xz_inadequate.html
[2] http://lzip.nongnu.org/safety_of_the_lzip_format.html


[..]
reply via email to
[Prev in Thread] Current Thread [Next in Thread]