On 08/01, Andrey Vihrov via arch-general wrote: > - Previously the list of applied patches was very transparent. You could > immediately see that the kernel and kernel patch tarballs come from > kernel.org, and view individual extra patches. Now the code comes from a > non-kernel source, and cannot be verified as easily. Just run `git log v$_srcver`. That will show you all the patches that have been applied to the upstream release. That the sources do no longer come from kernel.org is irrelevant, you should _always_ verify the gpg signature for auditing purposes. > - Previously, if a new kernel version is released and is not yet in the > repos, you could more or less take the official linux PKGBUILD, change > one number and build it yourself. With the new layout it is not clear > how to achieve this. git-rebase(1) will accomplish that. > - An often cited Arch policy is to use software as released by upstream > with minimal patching. What becomes of this policy if one of the core > packages builds from a technical fork instead of upstream? Nobody forked the linux kernel, and no new patches have been added. The resulting package is exactly the same, so nothing changed in that regard. Regards, Tharre -- PGP fingerprint: 42CE 7698 D6A0 6129 AA16 EF5C 5431 BDE2 C8F0 B2F4
Attachment:
signature.asc
Description: PGP signature
