On Thursday 29 January 2009 at 17:45 +0100, Christoph Wickert wrote:
> Sorry, but you did not answer my question. How do you compare it to
> something that's not there? Ok, you knew the source, but how would you
> know if Sven downloads it correctly, preserves the timestamp etc.? The
> answer is: you didn't, but you trust Sven.

Also, I don't really care a lot, because this is something that will change the first time upstream updates, and will be caught by the BADURL autochecks anyway. So the value of me spending a lot of time on it instead of checking the spec and if upstream is legit is rather limited.

And yes, some people could try to spoof an upstream and inject malware in a source, but they could create a web site and propose packaging a file from this site almost as easily.

> > If you want to do something useful, I have a pile of packaging changes
> > in my review queue I'd be happy to pass on to someone obsessing about
> > review quality in Fedora.
>
> Then give me some bz # please.

Basically, all the children of https://bugzilla.redhat.com/show_bug.cgi?id=477044 which saw packager activity and changes

Especially all the historic packages where all the remaining legacy cruft may hide packager mistakes in the modernization of the packages.

--
Nicolas Mailhot
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list