On Thu, 2022-01-27 at 16:24 +0000, Jim Henderson wrote:
I wasn't really thinking about the build log there, more "here's the code that was specifically used to build this package so you can inspect it" - or "here's a changelog that shows what has changed and when" - while that's included in the polkit.changes output, it's not in the RPM itself, so users who want to make sure something is patched don't really have an obvious place to look to see if a security issue has been fixed.
the .changes file IS in the rpm: rpm -q --changelog polkit (to inspect the installed one) or rpm -qp --changelog /path/to/polkit.rpm (to inspect a not yet installed rpm)
he usage of SLE packages is a good thing and does make sense, but it seems there are some things that are less than ideal with this arrangement. Not being able to easily find the code for packages like this (I would never have thought to look under SUSE:SLE-15:Update even though I know SLE packages are used) is one such issue.
osc ls openSUSE:Leap:15.3:Update polkit
With 15.3 being your target, this seems much more intuitive and works too. osc less openSUSE:Leap:15.3:Update polkit polkit.changes (or any other file osc ls showed before) then works too to closer inspect things. Cheers, Dominique