fre 2010-07-16 klockan 18:26 +0800 skrev Chen Lei:

> I think using git repo for meego packages have more
> harm than benefit, because the most important feature for rpm is
> people can validate the md5sum of the source tarball easily. Unless
> special case we can't find a way to get reliable souce tarballs, I
> think it's better to use tarballs rather than get source files from
> VCS.

This is not a valid argument. The guidelines specify how to document in
the specfile how to reproduce a source tarball created from VCS. The
reviewer in order to verify the source recreates the source using the
given specification and compares his created copy with the one in the
SRPM. I agree that this comparison would normally have to be done using
diff -r rather than md5sum due to timestamps of directories and
differences in user and group assignments of the checked out files, but
the verification is still possible and valid.

A checkout used in a SRPM should of course be done by giving a tag,
revision or timestamp so that it can be reproduced at any later time.
Using head/trunk/master without any such specification is not


Attachment: smime.p7s
Description: S/MIME cryptographic signature

devel mailing list

Reply via email to