[HTTPS-Everywhere] xpi building, tagging and distribution

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Oct 25 09:18:32 PDT 2010 

hi folks--

I know the https-everywhere project has just switched to git, so there
might be some growing pains right now.  i'd like to make a few
(hopefully helpful) suggestions about the https-everywhere git
repository and the xpi build process:


makexpi cleanup
===============

makexpi.sh seems to take 32 lines to run "zip -X -9r $target ./"   If
this code is being built from git, you don't even need the dependency on
zip, because you can use:

 (cd src && git archive -9 --format=zip HEAD) > https-everywhere.xpi

(replace HEAD with any tag or branch marker if you prefer to build a
specific tag or branch)

git tagging
===========

I see no tags in the canonical upstream repository; it'd be nice to see
a tag for each public release, and maybe a tag for each development
release, since these seem to be stable.  You can also sign your git
tags, so people can verify their releases explicitly by re-building them
with the above git-archive command.

If you're making tags, but were unaware that they're not published, you
need to "git push origin --tags" (replace "origin" with whatever your
local configuration calls the push target, of course) to get them out in
public.

keeping .xpis in the repo
=========================

i see that the upstream repo is publishing pre-built .xpi files within
the repository itself.  I think this is a suboptimal use of the git
repo.  Folks who pull from git shouldn't need the .xpis directly (they
can build from tags), and folks who don't pull from git won't care that
they're there anyway.

Why clutter the repo's commit history, and make synchronization more
costly?  I'd be happy to set up a service to auto-build and publish (via
http or https) from every signed tag of a given format, if that would be
useful.


hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101025/8f15d748/attachment.sig>

More information about the HTTPS-everywhere mailing list