On Thu, Feb 13, 2014 at 11:30:23AM -0600, Dennis Gilmore wrote:
If ponting people at koji is good enough that's okay. The images will be
made available somewhere on the download server and via mirrors say
but to get the sources you would need to either go to koji where only
unsigned copies are easily available sometimes the only copy available.
We do clean up the signed copy of older updates, we keep the signature
header and can reattach it if needed. or you need to look through the
Base release or updates source trees where the signed copy of the rpm
will be available. With knowledge you can always get the source from
My concern is over how easily do we need to make the source
available? does the source need to be available in the same location as
do I need to have a source tree at
/pub/fedora/linux/releases/21/Update1/SRPMS/ for instance to match
above do we need to add a README.Sources or similar file that points
the user to where to get the sources or do we not need to do anything?
Add a README.Sources or similar file that points the user to where to
get the sources. They don't have to be available in the same location
as the binaries, but they have to remain available for as long as
Fedora is making the images available (which I assume would be the
case if you point people to koji).
You can assume that the reader of README.Sources (or whatever) has the
technical skill and knowledge of an average Fedora packager.