On 02/09/2017 12:53 PM, Johnny Hughes wrote: > On 02/09/2017 12:50 PM, Leonard den Ottolander wrote: >> Hello John, >> >> On Thu, 2017-02-09 at 16:33 +0000, John Hodrien wrote: >>> On Thu, 9 Feb 2017, Leonard den Ottolander wrote: >>> >>>> How about my request for checksums in the git repo? >>> >>> What checksums would you actually want in git? >> >> SRPMS are signed which allows the integrity of the contents to be >> checked. Such an integrity check is missing from the git repo. >> >> Either a checksum file for each file or a single checksums file per >> package/release holding all checksums for all files of said >> package/release (including the tarballs that are downloaded with >> get_sources.sh). >> >> Regards, >> Leonard. >> > > Red Hat exports the source code to the repo, I don't think they are > going to change what the put in. It is an extracted SRPM. At the time of extraction, the <name>.metadata file is created (again, not by us, but by the Red Hat team that distributes source), and all the non-text sha1sums are in there as well as all the text sources. You can see who modifies any of those files (the text sources and the text <name>.metadata file).
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
