| |||||||||||||
DownloadingDownloadingPosted Mar 10, 2010 12:00 UTC (Wed) by epa (subscriber, #39769)In reply to: Downloading by tseaver Parent article: Mercurial 1.5 released
Why is a tarball more useful? More familiar, yes. But apart from 'we have always done it that way', what is the advantage to getting a certain collection of bits by uncompressing a tarball, compared to getting exactly the same bits using a pull command? Indeed, pulling a particular SHA-signed revision gives you a much stronger guarantee you're getting the right thing rather than some trojaned version.
(Log in to post comments)
Downloading Posted Mar 10, 2010 16:44 UTC (Wed) by mpr22 (subscriber, #60784) [Link] Getting the sources as a tarball: Click link in web browser. Save tarball. Unpack tarball with archiver. Getting the sources of a VCS tool with a VCS tool: Egg, meet chicken. Getting the sources of a general app whose VCS system isn't one I have the tool for installed on my system: Why should I install a VCS tool I'm not actually going to use for version control just so I can build this app's supposed production-quality release from source? Slurping from VCS is fine for developers, and for users wanting to run the bleeding-edge it-compiles-on-my-machine-honest-guv versions of things, but for people wanting to install the latest production version of something that their distro doesn't have a recent package of and the authors don't package as binaries, I think "tarball" wins over "slurp from VCS" every time.
|
|||||||||||||