Michael Schwendt <mschwendt@xxxxxxxxx> writes:

> The uploaded tarball checksum enters the "sources" file in git, and any
> tarball downloaded from the lookaside cache MUST match that checksum.
> Else it wouldn't be downloaded and used. Source RPM build in koji would
> fail.

That won't help if the tarball is already defective when uploaded. The
checksum is basically only used to identify the blob in the cache, at
most to detect cache corruptions.

Andreas.

--
Andreas Schwab, schwab@xxxxxxxxxx
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E
"And now for something completely different."
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
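The distinction drawn in this exchange, as an added example that is not part of the original messages or of Fedora's tooling: a digest recorded at upload time confirms that the cache returns the uploaded blob, and says nothing about whether that blob matches what upstream released. The "sources" line layouts, the file name, the byte strings and the out-of-band upstream digest are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed layout of a "sources" line: "SHA512 (name) = <hex>"
_BSD = re.compile(r"^(\w+) \((.+)\) = ([0-9a-fA-F]+)$")

def parse_sources(text):
    """Return {filename: (algorithm, hexdigest)} from 'sources' file text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _BSD.match(line)
        if m:
            algo, name, digest = m.groups()
        else:
            # Assumed older layout: "<md5hex>  <filename>"
            digest, name = line.split(None, 1)
            algo = "md5"
        entries[name] = (algo.lower(), digest.lower())
    return entries

def matches_sources(entries, name, blob):
    """The check applied to a downloaded blob: does it equal what was uploaded?"""
    algo, expected = entries[name]
    return hashlib.new(algo, blob).hexdigest() == expected

def matches_upstream(blob, upstream_sha512):
    """Separate check against a digest obtained independently of the upload."""
    return hashlib.sha512(blob).hexdigest() == upstream_sha512.lower()

# Constructed sample data: the blob was already defective when uploaded.
NAME = "foo-1.0.tar.gz"
UPSTREAM = b"upstream release bytes"
UPLOADED = b"upstream release bytes, altered before upload"
SOURCES = f"SHA512 ({NAME}) = {hashlib.sha512(UPLOADED).hexdigest()}\n"

def demo():
    entries = parse_sources(SOURCES)
    upstream_digest = hashlib.sha512(UPSTREAM).hexdigest()  # assumed known out of band
    return (
        matches_sources(entries, NAME, UPLOADED),       # cache returns the uploaded blob
        matches_upstream(UPLOADED, upstream_digest),    # uploaded blob vs. upstream release
        matches_sources(entries, NAME, UPLOADED[:-1]),  # blob corrupted after upload
    )

if __name__ == "__main__":
    print(demo())
```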