Stack: cannot complete repo info for a non sha1 commit, but it's just a short version?

https://github.com/commercialhaskell/stack/blob/0b2c555c3080ea374179416b00d3afa78dfbabdf/subs/pantry/src/Pantry.hs#L759 is the culprit.

Note that this also prevents from using tags

Does anyone know if this is still an ongoing issue? I tried to look @Keruspe code, But I couldn't find it. I could help with a PR to allow tags again. I've been using stack 1.9.3 because any newer version presents this issue:

Cannot complete repo information for a non SHA1 commit due to non-reproducibility: Git repo at [email protected]:org/repo, commit v1.0.0

If I'm understanding the situation correctly, this is by design, working as intended. The idea is that disallowing non-SHA1 commits is a necessary condition for Stack builds to be reproducible. This is true, because tags are pointers to commits and the commit they refer to can change. While it is nice from a usability standpoint to be able to refer to tags in our Stack configurations, it does prevent Stack from having a reproducible build property.

Maybe users should be able to pass Stack an option to allow for non-SHA1 commits. This could make sense for use cases like Holland and Hart, where we control all the repos we're pointing to using non-SHA1 commit references, and we trust ourselves, and any failures of reproducibility due to allowing non-SHA1 commits would be intended by us. However, I could still see the potential for unintended consequences / headaches due to pursuing such a policy direction of intentionally allowing for changes in Github to break our builds.

The idea is that disallowing non-SHA1 commits is a necessary condition for Stack builds to be reproducible.

Stack builds are not reproducible at all. That would require much more work. Stack just picks fixed versions of dependencies. That is not what a reproducible build is.

This is true, because tags are pointers to commits and the commit they refer to can change.

This ticket is not about tags, but short versions of SHA1.