On Tue, 15 May 2012 23:30:27 +0300 Oron Peled <oron@xxxxxxxxxxxx> wrote: ...snip... > * A .spec file with the extra %vcs_prep and Vcs-URL can create SRPM > directly from the vcs-repo. This SRPM can be uploaded to our > build system and be used for building *without* any interaction > with the vcs. I very much dislike this. Currently offical builds cannot use src.rpms, they must use VCS. This allows us to be able to easily see what was in a build. If we allow arbitray src.rpms it opens up a big can of worms: - We have to store those src.rpms forever (or many years). - Looking at what was used requires you to download a big src.rpm and unpack it instead of looking at a git hash in a repo. - There's much less auditing. Someone could upload a src.rpm with horrible junk in it and the only way to tell would be to download and inspect it. So, I think thats a big no go. ;) Otherwise this sounds like great stuff to talk to rpm upstream about. ;) kevin
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
