Naming issue for meego 1.0 related packages
Mattias Ellert
mattias.ellert at fysast.uu.se
Fri Jul 16 10:42:34 UTC 2010
fre 2010-07-16 klockan 18:26 +0800 skrev Chen Lei:
> I think using git repo for meego packages have more
> harm than benefit, because the most important feature for rpm is
> people can validate the md5sum of the source tarball easily. Unless
> special case we can't find a way to get reliable souce tarballs, I
> think it's better to use tarballs rather than get source files from
> VCS.
This is not a valid argument. The guidelines specify how to document in
the specfile how to reproduce a source tarball created from VCS. The
reviewer in order to verify the source recreates the source using the
given specification and compares his created copy with the one in the
SRPM. I agree that this comparison would normally have to be done using
diff -r rather than md5sum due to timestamps of directories and
differences in user and group assignments of the checked out files, but
the verification is still possible and valid.
A checkout used in a SRPM should of course be done by giving a tag,
revision or timestamp so that it can be reproduced at any later time.
Using head/trunk/master without any such specification is not
reproducible.
Mattias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2272 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100716/aad7eaab/attachment.bin
More information about the devel
mailing list