On Tue, Nov 24, 2009 at 10:33:16 -0500, Todd Zullinger <tmz@xxxxxxxxx> wrote: > > What I'm here for is to gather ideas for how to properly go about > building the mingw32-sha256sum and keeping it around so that when I > extract the sha256sum.exe and upload it to fedoraproject.org we will > have the koji built rpm to compare the binary against. Otherwise, the > whole process falls back to "Trust that Todd didn't trojan the > executable." And while I'd be flattered if folks had that much trust > in me, I think it would be unwise to encourage or expect. :) I was thinking about what the gpl requirements are for publishing executables built with mingw are for another project that might be set up on fedorahosted. Since mingw stuff is likely to include staticly linked libraries, I think you need to have pointers to the sources for the versions of all of the included libraries. So while I haven't asked someone about this before, I was thinking that I would probably need to determine the libraries that got linked in and then note the versions that were used to do the build and include links into koji for all of the involved src rpms prominently on the download page. _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list