On Wed, 2007-02-14 at 13:45 -0800, Toshio Kuratomi wrote:
'''
= Referencing Source =
One of the design goals of rpm is to cleanly separate upstream
source from vendor modifications. For the Fedora packager, this
means that sources used to build a package should be the vanilla
sources available from upstream. To help reviewers and QA scripts
verify this, the packager needs to indicate where a reviewer can find
the source that was used to make the rpm.
caillon had this to say in the bug which spawned this:
'''
Looks good from the brief glance I took, but I strongly feel this whole
thing should be a "good practises" recommendation and not a requirement.
If you're trying to prevent against "bad" RPMs, well you're not going
to
do that if there are exceptions... Even for a good SRPM, someone could
simply fork an open source project, not have a repo other than the SRPM,
and distribute whatever code they want that way in extras,
theoretically. This has no bearing on the actual packaging or quality
of RPMs. It's only redeeming quality is that it might potentially help
with automated verification of upstream sources, but that does not exist
right now and that potential benefit should be enough to convince most
packagers to do this. There's simply no reason to make it a hard
requirement IMO other than because it's always been that way (which is
no real reason).
'''