Dominique Leuenberger wrote:
On Thu, 2024-04-04 at 14:39 +0200, Andreas Stieger via openSUSE Factory wrote:
On 2024-04-04 13:24, Ben Greiner wrote: I always use the GitHub URL (github.com/org/pkg/pull/NNN.patch#/pkg-prNNN-shortdesc.patch) when possible in order to have a stable version. But sometimes you have to apply patches which have not been merged yet. In that case, there might be later additional commits (relevant or not) and the URL will yield a different patch which a bot in factory will complain about. So you leave out the URL and only reference it by comment. You may have missed that unmerged commits from pull requests have an immutable commit ID that you can reference.
Referencing full URLS is always nice - also for patches; but we can't enforce it by policy (only recommend) - and of course _service files have the UrL in there (then the Source: in spec is without URL)
Typical examples are: * Package maintainers writes a patch to build against an older/newer lib which still carry (upstream might be interested) * upstreams PR is against git/main - we might be on a slightly older version (could be even latest tag) and the patch does not apply cleanly. The packager will base his work off of upstream, but the URL won't be valid * Not everybody uses git - and thus not every patch exists as URL (sourceforge, looking at you!)
These are all examples of patches, in which case I agree there are such corner cases where we might not be able to make them 100% traceable. For SourceN tarballs, on the other hand, I think we could make the guidelines stricter, i.e. require Source<N> to either have a full URL or be generated from _service, while only making it recommended for patches. Could we not? I also wonder what the current state of Factory is. Are there packages in Factory where Source0 itself is completely local, for instance? Best wishes -- Atri