manual: Add notes about GitHub and hashes

We can't take hashes from GitHub, unless the tarball has been uploaded by
the maintainer, otherwise it is generated and may change over time,
which renders hash files useless.

[Peter: slightly reword]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt
index 6c478c2fdaa2a95aebb4e3f4c5d5de9872cc8a04..3d0982feed02ae4c7be68a9aa3c4855aa877b530 100644 (file)
--- a/docs/manual/adding-packages-directory.txt
+++ b/docs/manual/adding-packages-directory.txt
@@ -441,6 +441,13 @@ provide any hash, or only provides an +md5+ hash, then compute at least one
 strong hash yourself (preferably +sha256+, but not +md5+), and mention
 this in a comment line above the hashes.
 
+.Note
+If +libfoo+ is from GitHub (see xref:github-download-url[] for details), we
+can only accept a +.hash+ file if the package is a released (e.g. uploaded
+by the maintainer) tarball. Otherwise, the automatically generated tarball
+may change over time, and thus its hashes may be different each time it is
+downloaded, causing a +.hash+ mismatch for that tarball.
+
 .Note
 The number of spaces does not matter, so one can use spaces (or tabs) to
 properly align the different fields.