On Mon, Mar 31, 2025 at 01:14:42PM +0200, Michael J Gruber wrote: > Let me also mention the case where we have to clean sources (proprietary > material) before committing to the look-aside cache. We should document > how to do so in spec. > > Ideally, one could: > - get original sources > - check upstream's signature > - apply the checked-in clean script (which creates a tarball) > - check that the results matches the look-aside hash in "sources".
This takes us down a slight tangent, but I wonder whether it actually makes sense to have every developer write their own "cleaning" script ? Is there scope for standardizing on the repack process using 'fedpkg' tools perhaps ? It feels like it ought to be possible to define a standard repack process that works from a text file that simply contains a list of filename globs to purge from a source archive. That gives us a declarative description of how the downstream tarball will differ from the upstream tarball, instead of an imperative description via countless custom shell scripts. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
