On Wed, 29 Jun 2011 12:59:41 +0530 (IST), PJP (P) wrote: > One of the package review guideline says > > === > MUST: The sources used to build the package must match the > upstream source, as provided in the spec URL. Reviewers should use > md5sum for this task. > === It says more than that: | If no upstream URL can be specified for this package, please see the | Source URL Guidelines for how to deal with this. -> https://fedoraproject.org/wiki/Packaging/SourceURL -> https://fedoraproject.org/wiki/Packaging/SourceURL#Using_Revision_Control That is the guideline that's releveant. > Past couple of days, I've been reviewing the python grapefruit package > > > at - https://bugzilla.redhat.com/show_bug.cgi?id=716808 > > and the thing is, the spec file provides an - $ svn export -r 31 ... - command to pull the sources and create a tarball using $ tar -czvf ... > > But as it turns out, it seems, if you create a tarball from the *very same* sources on two different machines, they don't match. As in the md5sum for the two tarball differs. > Examine whether the uncompressed tarball differs already due to file timestamps or file system differences. A simple md5sum isn't helpful in that case. You would verify an svn snapshot tarball with a full tree diff, possibly deleting the revision control maintenance directories beforehand. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
