> On 21 Jul 2021, at 20:25, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
>
> On 15.07.21 10:33, Magnus Hagander wrote:
>> I think it'd be useful to be able to identify exactly which git commit
>> was used to produce a tarball. This would be especially useful when
>> downloading snapshot tarballs where that's not entirely clear, but can
>> also be used to verify that the release tarballs matches what's
>> expected (in the extremely rare case that a tarball is rewrapped for
>> example).
>
> Or we could do what git-archive does:
>
> Additionally the commit ID is stored in a global extended
> pax header if the tar format is used; it can be extracted using git
> get-tar-commit-id. In ZIP files it is stored as
> a file comment.
That does adds Git as a dependency for consuming the tarball though, which
might not be a problem but it's a change from what we require today.
--
Daniel Gustafsson https://vmware.com/
