From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 187A748F25
	for <ffmpegdev@gitmailbox.com>; Sat, 30 Mar 2024 20:30:54 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6CDA668C4F1;
	Sat, 30 Mar 2024 22:30:51 +0200 (EET)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A2D1B68C234
 for <ffmpeg-devel@ffmpeg.org>; Sat, 30 Mar 2024 22:30:44 +0200 (EET)
Received: by mail-pj1-f48.google.com with SMTP id
 98e67ed59e1d1-29ddfd859eeso2451118a91.1
 for <ffmpeg-devel@ffmpeg.org>; Sat, 30 Mar 2024 13:30:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ob-encoder-com.20230601.gappssmtp.com; s=20230601; t=1711830641; x=1712435441;
 darn=ffmpeg.org; 
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :from:to:cc:subject:date:message-id:reply-to;
 bh=ooKnSaq4YGb4TqWBRlJz0I5IFZObqumnxznudkXfY+4=;
 b=wUKOT6OMV12aC0IT9erXQAB3s8ENKrT5eDx11QcuqbZi1txCu3e4ZYkcBsWbkidXoJ
 4N626NsLXuzNAgEduyuTAsrLxy6FBs9J0PUJ1FLaHobybyCT9++UyGWgRzXt5IMC61d/
 mjNSwY5/07wrb8tWXZQiy7WRrwiOH5W3xqwnH2T+5waTcWJxAsvC6Yl5q2aEcOgP4E2k
 YK7gVSC4ANFNiRlYFI/Sk5fTAP2a4KF82VS0eVdAb9tulFyEN1hqNutq+Ajy1eF3ro9p
 wo+Y1Rzq8djP8znQQJN2MQ5kNRz0IBiBEtabG5FIFmtb/sik+s13YvpK91uVeEMM2fqK
 j5OA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1711830641; x=1712435441;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=ooKnSaq4YGb4TqWBRlJz0I5IFZObqumnxznudkXfY+4=;
 b=XqfPiGfHlmj+GwgfOHo9qJf+/NIj3ogrrj1FGcMi8FENEPYJc00x4MVvdm7tAp3Rmi
 KRHSwug0ngm4VAL9OfnJgez+bMmewkA43zpzWYhHFSneDPzdct09AcRUJyIPyGUU6gEc
 8rKunpvovP1UDS+zpJjHh07s7evmL1ZM822vEVMt9svh/oF0Z1ueJYRdePWqgEbjKpH2
 dnkGdaM2zySXYE78QQlb7Xl7AZgvrY8wfsuOdKrVeOt5xbF3k0J4zKxsSoGYGFZfeDZ1
 kMTRII5Jtb69siueNwwuR7Tz0m0X5hMaAxLN6+9L89z8U1TFtTWtnpT59U8anrZZ2EJi
 TtyQ==
X-Gm-Message-State: AOJu0YyngJOL+Va46V73i5+jAig87oKrHpx2c3OYzDTm9Dlbs2bw7GLh
 YixIIFuGOr9ZXZFUcLvSbh8+AY6uET/IpPnm2oMFmfRnKnFvorsoLkGx4fNYFSc3A6XdEI0TArA
 xkgJO0F5a4IfqJH1E9ZfpfDFj+fQ3xnvP1tl8DMX+KG98OvT/
X-Google-Smtp-Source: AGHT+IHVD/7wMZE7wkC1BZ75QL9VqCokwfkYsp1cyeY3O26z90+rKcXL8wLyGDbM+EcPcUNhY7CWvDw6/y/SNj5XJCs=
X-Received: by 2002:a17:90b:358f:b0:2a2:bd:3730 with SMTP id
 mm15-20020a17090b358f00b002a200bd3730mr5306123pjb.1.1711830641163; Sat, 30
 Mar 2024 13:30:41 -0700 (PDT)
MIME-Version: 1.0
References: <20240330140225.3395-1-michael@niedermayer.cc>
 <ef8a2c6f-1790-4eb9-a3ea-5334f2acf3d2@gmail.com>
 <20240330173039.GW6420@pb2>
In-Reply-To: <20240330173039.GW6420@pb2>
From: Kieran Kunhya <kierank@obe.tv>
Date: Sat, 30 Mar 2024 20:30:29 +0000
Message-ID: <CAK+ULv6QvdwuHGK8op5--isAUiJrevoW_doF1oOP8AGUxAeCGA@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [FFmpeg-devel] [PATCH] web/download: Extend the verification
 procedure to check for difference between git and release tarball
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/CAK+ULv6QvdwuHGK8op5--isAUiJrevoW_doF1oOP8AGUxAeCGA@mail.gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On Sat, 30 Mar 2024 at 17:30, Michael Niedermayer <michael@niedermayer.cc>
wrote:

> On Sat, Mar 30, 2024 at 11:51:17AM -0300, James Almer wrote:
> > On 3/30/2024 11:02 AM, Michael Niedermayer wrote:
> > > Iam not 100% sure this is the best place to put this. But we should
> somewhere
> > > describe what differences are expected
> > >
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > >   src/download | 34 ++++++++++++++++++++++++++++++++++
> > >   1 file changed, 34 insertions(+)
> > >
> > > diff --git a/src/download b/src/download
> > > index 0e6fa7e..34733de 100644
> > > --- a/src/download
> > > +++ b/src/download
> > > @@ -284,6 +284,40 @@ gpg:                using RSA key
> FCF986EA15E6E293A5644F10B4322F04D67658D8
> > >   gpg:                issuer "ffmpeg-devel@ffmpeg.org"
> > >   gpg: Good signature from "FFmpeg release signing key &
> lt;ffmpeg-devel@ffmpeg.org&gt;" [full]</pre>
> > >         </li>
> > > +      <li>
> > > +        Verify that the release tarball matches the git tag:
> (expected differences are missing .git, .gitignore and .gitattributes and
> an additional VERSION file)
> > > +        <pre>
> > > +        $ diff -ru ffmpeg-5.1.4 gitdir2
> > > +Only in gitdir2/doc/doxy: .gitignore
> > > +Only in gitdir2/doc/examples: .gitignore
> > > +Only in gitdir2/doc: .gitignore
> > > +Only in gitdir2/ffbuild: .gitignore
> > > +Only in gitdir2: .git
> > > +Only in gitdir2: .gitattributes
> > > +Only in gitdir2: .gitignore
> > > +Only in gitdir2/libavcodec: .gitignore
> > > +Only in gitdir2/libavcodec/tests: .gitignore
> > > +Only in gitdir2/libavdevice: .gitignore
> > > +Only in gitdir2/libavdevice/tests: .gitignore
> > > +Only in gitdir2/libavfilter: .gitignore
> > > +Only in gitdir2/libavfilter/opencl: .gitignore
> > > +Only in gitdir2/libavfilter/tests: .gitignore
> > > +Only in gitdir2/libavformat: .gitignore
> > > +Only in gitdir2/libavformat/tests: .gitignore
> > > +Only in gitdir2/libavutil: .gitignore
> > > +Only in gitdir2/libavutil/tests: .gitignore
> > > +Only in gitdir2/libswresample/tests: .gitignore
> > > +Only in gitdir2/libswscale/tests: .gitignore
> > > +Only in gitdir2/tests/api: .gitignore
> > > +Only in gitdir2/tests/checkasm: .gitignore
> > > +Only in gitdir2/tests: .gitignore
> > > +Only in gitdir2/tools: .gitignore
> > > +Only in ffmpeg-5.1.4: VERSION
> > > +        </pre>
> > > +      </li>
> > > +      <li>
> > > +        Verify that the tag in git is signed
> >
> > The tags are signed with your key made for this purpose,
> > DD1EC9E8DE085C629B3E1846B18E8928B3948D64, and not with the tarball one
> > listed above. You should include it here the same way, unless the
> signature
>
> yes but before doing that, do you think this is the best place to put all
> this?
>

Putting this on a web host run by people we've never met before is a
perfect place to put this information.

Kieran
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".