Mailinglist Archive: opensuse-buildservice (206 mails)

< Previous Next >
Re: [opensuse-buildservice] tar_scm blocked in "source update running"
Am Montag, 31. Januar 2011, 22:22:40 schrieb Cristian Morales Vega:
2011/1/31 Adrian Schröter <adrian@xxxxxxx>:
No, and this is on purpose.

There must be the guarantee that the _service: files are really
generated
in the way the services are working. They are used to create the
required
trust in the uploaded sources. So it will never be allowed to upload
them.

Or we would be in the same situation that a packager or distro owner
needs to review all uploaded tar balls and check against their upstream
project manually.

This same problem could not be simulated using two SVN repos? I create
my own SVN repo, do the first checkout, and then change the _service
to point to the real SVN?
I don't really know enough about SVN internal working to say...

When you change the _service file, it is part of the source log.

The only way to trick this is to change it on the svn server or doing a
man in the middle attack.

The first would mean that did anyway a mistake to trust this upstream project
and the latter is not that easy to do...

bye
adrian

--
Adrian Schroeter
SUSE Linux Products GmbH
email: adrian@xxxxxxx

--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages