Source file audit - 2014-01-05
a.badger at gmail.com
Tue Jan 7 18:31:00 UTC 2014
On Tue, Jan 07, 2014 at 09:25:36AM +0100, Simone Caronni wrote:
> On 6 January 2014 20:53, Kevin Fenzi <kevin at scrye.com> wrote:
> Downloading the file again gives a different md5sum, but the release tarball is
> the same, so probably the archive has been regenerated.
> What's the procedure to update the source files in the lookaside cache when the
> file name has not changed? fedpkg new-sources does not allow me to do it:
This should work.
> $ fedpkg new-sources dkms-188.8.131.52.tar.gz
> Uploading: 11a8aaade2ebec2803653837c7593030 dkms-184.108.40.206.tar.gz
> File already uploaded: dkms-220.127.116.11.tar.gz
> Uploaded and added to .gitignore:
> Source upload succeeded. Don't forget to commit the sources file
Looking at the lookaside cache directly, it looks like that file has been
uploaded previously (in lookaside, there's currently two tarballs for
dkms-18.104.22.168.tar.gz with two separate md5sums). Has the upstream perhaps
released a tarball, released a new tarball, and then reverted to the
One option is to change the sources file to reflect the new md5sum.
You may also want to check that the new tarball and the tarball in the
lookaside cache *really* are the same. A hash collision is unlikely but if
that were the case we'd want to be extra certain about what's going on
before blindly accepting the changed tarball.
You can retrieve the tarballs in lookaside directly from here:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 181 bytes
Desc: not available
More information about the devel