[HTTPS-Everywhere] xpi building, tagging and distribution

Peter Eckersley pde at eff.org
Tue Nov 2 17:08:42 PDT 2010 

Daniel,

We're still learning to use git for the first time, so we may do some stuff
that's non-optimal.  There's now a tag for 0.2.3.development.2.  I won't get
rid of the xpis from the repo until we've had a chance to go back and tag them
correctly, but I won't add any more, either.

Still happy to cherry pick any fixes you want to make to makexpi.sh, but
personally I don't understand why its verbosity is really a problem ;).

On Mon, Oct 25, 2010 at 12:18:32PM -0400, Daniel Kahn Gillmor wrote:
> hi folks--
> 
> I know the https-everywhere project has just switched to git, so there
> might be some growing pains right now.  i'd like to make a few
> (hopefully helpful) suggestions about the https-everywhere git
> repository and the xpi build process:
> 
> 
> makexpi cleanup
> ===============
> 
> makexpi.sh seems to take 32 lines to run "zip -X -9r $target ./"   If
> this code is being built from git, you don't even need the dependency on
> zip, because you can use:
> 
>  (cd src && git archive -9 --format=zip HEAD) > https-everywhere.xpi
> 
> (replace HEAD with any tag or branch marker if you prefer to build a
> specific tag or branch)
> 
> git tagging
> ===========
> 
> I see no tags in the canonical upstream repository; it'd be nice to see
> a tag for each public release, and maybe a tag for each development
> release, since these seem to be stable.  You can also sign your git
> tags, so people can verify their releases explicitly by re-building them
> with the above git-archive command.
> 
> If you're making tags, but were unaware that they're not published, you
> need to "git push origin --tags" (replace "origin" with whatever your
> local configuration calls the push target, of course) to get them out in
> public.
> 
> keeping .xpis in the repo
> =========================
> 
> i see that the upstream repo is publishing pre-built .xpi files within
> the repository itself.  I think this is a suboptimal use of the git
> repo.  Folks who pull from git shouldn't need the .xpis directly (they
> can build from tags), and folks who don't pull from git won't care that
> they're there anyway.
> 
> Why clutter the repo's commit history, and make synchronization more
> costly?  I'd be happy to set up a service to auto-build and publish (via
> http or https) from every signed tag of a given format, if that would be
> useful.
> 
> 
> hth,
> 
> 	--dkg
> 



> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere


-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list