[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help needed for gatk



On Thu, 2016-01-28 at 16:26 +0100, Andreas Tille wrote:
> As far as I understand its renamed by the same author.

You're right. I didn't realize this.


> I perfectly agree - but I have no idea how to find the according
> source
> code.  I feel a bit unsafe to checkout the new repository and
> checkout
> the last commit with the old name.

Based on the history of the repo, it appears to be the same project by
the same author. I don't think it's too much of a stretch to use this
new repo. If you want to be extra cautious, you could compare source of
the sources.jar in maven central to one of the old tags in github to
see if there are any significant changes.

In fact, I believe most debian projects use a slightly different
version of plugins than what is called for in the project so that we
can deploy a single version in debian. Sometimes this means security
fixes. Other times, there is no benefit.

>   Or may be I should write a d/watch
> file containing
> 
> 
>    https://github.com/davidB/scala-maven-plugin/releases?after=3.1.1 
> .*/archive/v*(2\.[\d.-]+)\.(?:tar(?:\.gz|\.bz2)?|tgz)
> 
> 
> which is a bit weak but fetches (at least at this point in time) the
> latest version of scala-maven-plugin 2.x - which seems to be the old
> version you were suggesting to use.

The purpose of the watch file is to check for new releases. I believe
github releases are ordered by date, so you'll have to remove the
?after=3.1.1. If the author happens create a hotfix 2.x branch and
another release, you'll miss it since the new release would be before
(date ordered) 3.1.1.

I don't have any better ideas for you. It sounds like a good approach
to me. You could also send a patch upstream to upgrade to the latest
scala-maven-plugin which means less smoke and mirrors in the future.

Andrew

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: