[Bug 551743] Review Request: cnucnu - Upstream release monitoring with bug reporting

bugzilla at redhat.com bugzilla at redhat.com
Sun Jan 10 20:10:56 UTC 2010


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=551743

--- Comment #8 from Till Maas <opensource at till.name> 2010-01-10 15:10:55 EST ---
(In reply to comment #7)

> The only thing keeping me from approving this package is that I still can't
> verify the integrity of the snapshot. This is a bit odd because a diff -qrN
> against the extracted files of the provided source and the extracted files of
> the snapshot I downloaded clearly tells me that there is no difference.
> Maybe that is due to the way gitweb creates it's snapshots. However I would
> feel more comfortable if someone else could confirm this.    

The tarballs from gitweb differ in the MTIME of the tar file, which is stored
in the header of gzip:
http://www.gzip.org/zlib/rfc-gzip.html#file-format

If you just apply gunzip on the tar.gz files, you will notice, that the
uncompressed tarballs are identical.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



More information about the package-review mailing list