Andrey Vihrov via arch-general
2018-08-01 20:41:12 UTC
Recently the way kernel sources are retrieved was changed in the linux
package . Now the sources are fetched from
I see a few problems with this:
- Previously the list of applied patches was very transparent. You could
immediately see that the kernel and kernel patch tarballs come from
kernel.org, and view individual extra patches. Now the code comes from a
non-kernel source, and cannot be verified as easily.
- Previously, if a new kernel version is released and is not yet in the
repos, you could more or less take the official linux PKGBUILD, change
one number and build it yourself. With the new layout it is not clear
how to achieve this.
- An often cited Arch policy is to use software as released by upstream
with minimal patching. What becomes of this policy if one of the core
packages builds from a technical fork instead of upstream?
If the patches from kernel.org will no longer be signed, as announced in
, then an alternative would be git tags from  and . It's
understandable if it may make development harder, nonetheless it would
allow for better transparency and follow upstream closer — just one