[Fedora-packaging] DRAFT: SourceURL addition/clarification - Git Hosting Services

Toshio Kuratomi a.badger at gmail.com
Sat Jun 27 14:40:23 UTC 2015


On Jun 26, 2015 9:30 PM, "Kevin Fenzi" <kevin at scrye.com> wrote:

> In the final case, if the checksum differed it meant that the
> maintainer made a mistake uploading or upstream changed the same
> release after it was released.

Or somewhere between upstream and us the tarball was modified (someone
hacked github, someone gained commit to upstream and then tried to cover
their tracks, a malicious package maintainer on our side, etc). This is the
case that we definitely want to raise warning flags about.

-Toshio