Christophe Pettus <xof@thebuild.com> writes:
>> On Jul 28, 2021, at 14:02, Dave Page <dpage@pgadmin.org> wrote:
>> No that is not the case, at least for community and EDB packages. It might be the case for upstream distributors
though(eg. OS vendors).
> They all pull from the community Git repo, though, correct?
I do not think Red Hat does that; they prefer identifiable released
tarballs. I've not worked there in nigh ten years, but I still see
this in their PG specfile:
Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
and I clearly recall that there were cross-checks in their build process
that tarball components of an SRPM matched what could be fetched from
the stated URL. Maybe now they have a process that works with direct git
pulls, but they're not using that method with us.
Can't speak to non-RH-based distros.
regards, tom lane