Opened 4 months ago
Last modified 6 days ago
#13186 new Bug report
Stable way to fetch sources for packaging — at Version 1
| Reported by: | Robin Candau | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Client |
| Keywords: | Cc: | Robin Candau | |
| Component version: | Operating system type: | Linux | |
| Operating system version: |
Description (last modified by )
Hi,
I'm the Arch Linux package maintainer for the filezilla & libfilezilla packages [1][2].
Recently the website's download link for sources became unstable. The related ticket [3] was closed explaining that this was intentional, in order to prevent eventual infrastructure abuses.
While I totally understand the desire to avoid such potential abuses, this causes problems for downstream distributions packaging & redistributing filezilla / libfilezilla.
Indeed, due to its (now) unstable nature, the website download link cannot be used to fetch sources in our packaging workflow anymore (both to fetch valid sources and for reproducibility matters).
I studied switching to SVN sources but it seems tags are not created there anymore [4][5], so we can't really use that either (unless we pinpoint specific revisions but this isn't really desirable)...
As such, distributions have started mirroring filezilla / libfilezilla tarballs on their side (see Open-Suse [6], Alpine [7] & Gentoo [8] for instance).
Of course, this technically works, but this represents significative extra burdens in our packaging workflow and automation.
Can a solution be discussed? If a stable download link is not desirable on your side (regarding eventual infrastructure abuses), would you eventually consider creating tags again on the SVN repo so distributions can use that as a source for their packages?
Since the download page for filezilla [9] "highly recommends to use the package management system of distributions", I think it's fair to ask for a way to facilitate packaging for such distributions.
I remain available to discuss eventual solutions or if any additional information is needed!
[1] https://archlinux.org/packages/extra/x86_64/filezilla/
[2] https://archlinux.org/packages/extra/x86_64/libfilezilla/
[3] https://trac.filezilla-project.org/ticket/13159#no4
[4] https://svn.filezilla-project.org/filezilla/FileZilla3/tags/?sortby=date
[5] https://svn.filezilla-project.org/filezilla/libfilezilla/tags/?sortby=date#dirlist
[6] https://build.opensuse.org/projects/openSUSE:Factory/packages/filezilla/files/filezilla.spec#L=29
[7] https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/filezilla/APKBUILD#L24
[8] https://gitweb.gentoo.org/repo/gentoo.git/tree/net-ftp/filezilla/filezilla-3.68.1.ebuild#n15
[9] https://filezilla-project.org/download.php?type=client
