Sascha Peilicke wrote:
On Mon, 21 Mar 2011, Adrian Schröter wrote:
I like to propose a new policy for Factory regarding our package source handling with the goal that our package sources are upgradable, modifyable and trustable by any other developer.
Please find my proposal here:
http://lizards.opensuse.org/2011/03/21/policy-proposal-for-factory-make-s ource-of-tar-balls-trackable/
And please drop some comments as reply to this mail :)
The use of source services makes the build process less transparent (how do you build such with just rpmbuild? Build once in OBS and then download a source rpm?). Why not just provide tarball URL and MD5/SHA checksum in the rpm spec file? I really do not like adding other non-standard metadata ontop of what we already have. Actually, this is what I'd like to see too. However, AFAIK the download_url service already uses the URL found in the Source tag. Having that info
On Monday 21 March 2011 11:25:06 Richard Guenther wrote: directly in the spec file seems sanest:
Source0: http://foo.com/bar.tgz Source0-MD5: 1234567 Source0-SHA1: 1234567
RPM doesn't like unknown tags though. I'm not sure how the chances are to get a patch accepted that allows e.g. a X-vendor prefix. Fedora voids an rpm patch by having a separate file 'sources' that lists the file names and their check sums. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org