Hi! :) One of the package review guideline says === MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. === Past couple of days, I've been reviewing the python grapefruit package at - https://bugzilla.redhat.com/show_bug.cgi?id=716808 and the thing is, the spec file provides an - $ svn export -r 31 ... - command to pull the sources and create a tarball using $ tar -czvf ... But as it turns out, it seems, if you create a tarball from the *very same* sources on two different machines, they don't match. As in the md5sum for the two tarball differs. Please try this simple test ===== $ echo 'Hello, world' > 1 $ tar -cjf 1.tar.bz2 1 $ scp 1.tar.bz2 to a different machine. $ ssh to that same machine $ tar -xjf 1.tar.bz2 -C . $ tar -cjf 2.tar.bz2 1 $ md5sum 1.tar.bz2 2.tar.bz2 d67ea3dac09ed7eee310d9846ecdd879 1.tar.bz2 d4b716716f3cf48139c4112719538513 2.tar.bz2 ===== Could someone suggest how to fix this glitch? Or the guideline above?? Thank you. --- Regards -Prasad http://feedmug.com -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
