You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the old csources repo there were several "releases" that could be easily downloaded without needing to clone the whole repo like so: https://github.com/nim-lang/csources/archive/v0.20.0/csources-0.20.0.tar.gz
Could you perhaps make a release here too please?
But only if you think it's a good idea, and if it doesn't create any difficulty with your GitHub account limitations. Say if you were building version X of Nim then it might be useful to be able to build that in future with the same version Y of csources_v1, but perhaps you intend that you should always use the latest version of csources_v1 with older releases of Nim, however I expect that might stop working at some point so it might be better to have some actual releases for reliable consistent builds, although you could still go back through the commit history and checkout an older version like that.
(Edit: this is in relation to looking at the possibility of updating the currently outdated Nim PKGBUILD in Arch which uses a checksummed download for security, so the built in download in the Nim build script may be less desirable.)
(Further edit: https://wiki.archlinux.org/title/Arch_package_guidelines#Package_sources
According to that a pgp signed tag or release would be even better, and this is probably one of the things keeping Nim stuck at 1.4, it wouldn't be a problem to edit the Nim build in the PKGBUILD to not do it's own unverified csources d/l)
The text was updated successfully, but these errors were encountered:
In the old csources repo there were several "releases" that could be easily downloaded without needing to clone the whole repo like so:
https://github.com/nim-lang/csources/archive/v0.20.0/csources-0.20.0.tar.gz
Could you perhaps make a release here too please?
But only if you think it's a good idea, and if it doesn't create any difficulty with your GitHub account limitations. Say if you were building version X of Nim then it might be useful to be able to build that in future with the same version Y of csources_v1, but perhaps you intend that you should always use the latest version of csources_v1 with older releases of Nim, however I expect that might stop working at some point so it might be better to have some actual releases for reliable consistent builds, although you could still go back through the commit history and checkout an older version like that.
(Edit: this is in relation to looking at the possibility of updating the currently outdated Nim PKGBUILD in Arch which uses a checksummed download for security, so the built in download in the Nim build script may be less desirable.)
(Further edit:
https://wiki.archlinux.org/title/Arch_package_guidelines#Package_sources
According to that a pgp signed tag or release would be even better, and this is probably one of the things keeping Nim stuck at 1.4, it wouldn't be a problem to edit the Nim build in the PKGBUILD to not do it's own unverified csources d/l)
The text was updated successfully, but these errors were encountered: