Comment 3 for bug 1976407

Revision history for this message
Sandro (supersandro2000) wrote :

Using a pre-release tag would work for us since we are not updating to them.
I think we are fetching from GitHub because the pypi tarball was maybe missing test files or some other files but I would need to double check that.
Generally, fetching sources from PyPI does not have the highest reputation, since they can easily be altered and need not match the real source code.

Since we are building from source, we're not using the prebuilt wheels.
For downloading we are using a TOFU model where we hash the downloaded source. If the tag is moved and something is changed in the source code, even unrelated files like README or ci files, we get a different hash and builds are failing when not cached yet.