Mailinglist Archive: opensuse-factory (837 mails)

< Previous Next >
Re: [opensuse-factory] New policy proposal for Factory: Make source of tar balls trackable
Sascha Peilicke wrote:
On Monday 21 March 2011 11:25:06 Richard Guenther wrote:
On Mon, 21 Mar 2011, Adrian Schröter wrote:
I like to propose a new policy for Factory regarding our package source
handling with the goal that our package sources are upgradable,
modifyable and trustable by any other developer.

Please find my proposal here:

http://lizards.opensuse.org/2011/03/21/policy-proposal-for-factory-make-s
ource-of-tar-balls-trackable/

And please drop some comments as reply to this mail :)

The use of source services makes the build process less transparent
(how do you build such with just rpmbuild? Build once in OBS and then
download a source rpm?). Why not just provide tarball URL and MD5/SHA
checksum in the rpm spec file? I really do not like adding other
non-standard metadata ontop of what we already have.
Actually, this is what I'd like to see too. However, AFAIK the download_url
service already uses the URL found in the Source tag. Having that info
directly in the spec file seems sanest:

Source0: http://foo.com/bar.tgz
Source0-MD5: 1234567
Source0-SHA1: 1234567

RPM doesn't like unknown tags though. I'm not sure how the chances
are to get a patch accepted that allows e.g. a X-vendor prefix.
Fedora voids an rpm patch by having a separate file 'sources' that
lists the file names and their check sums.

cu
Ludwig


--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups