On Thu, Jun 24, 2021 at 11:07:45PM +0200, Miroslav Suchý wrote: > Dne 24. 06. 21 v 15:48 Tomas Tomecek napsal(a): > > > One thing to consider is that the upstream tarballs might be > > > cryptographically > > > signed and packages should verify the signature in %prep. > > This is a very good point - in such a case, we should always pull the > > official upstream tarball instead of generating a new one downstream > > Does it matter? If you are able to generate byte2byte identical > tarball then you can choose any of them.
If the upstream tarball contains generated files, chances of re-creating bytewise identical tarball is low, and for autotools based projects it is essentially zero. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
