On Fri, May 08, 2020 at 04:28:37PM -0400, Neal Gompa wrote:
> On Fri, May 8, 2020 at 4:25 PM Fabio Valentini <decathorpe@xxxxxxxxx> wrote:
> > On Fri, May 8, 2020 at 9:55 PM Zbigniew Jędrzejewski-Szmek
> > <zbyszek@xxxxxxxxx> wrote:
> > >
> > > On Fri, May 08, 2020 at 03:12:15PM -0400, David Cantrell wrote:
> > > > WHAT I WANT TO BE ABLE TO DO:
> > > >
> > > > * View Fedora's dist-git repos as authoritative for packages built for
> > > > Fedora. That is, I want to see a package on my Fedora system and be able to
> > > > visit its dist-git repo to see how it's packaged.
> > >
> > > Well said.
> > >
> > > > * Make the lookaside cache optional. For SourceX lines, I want to be able to
> > > > specify a git URL to a specific tag. fedpkg should use git archive to
> > > > include that in the SRPM. e.g.:
> > > >
> > > > Source0: https://github.com/rpminspect/rpminspect/archive/v0.12
> > >
> > > Yes. This is somewhat orthogonal to the dist-git / source-git
> > > question. It would be absolutely great to have this right now on top of
> > > dist-git, so we don't need to do the step of 'amend Source0, spectool -g,
> > > fedpkg new-sources, git commit'.
> >
> > Huh? You mean have koji download sources from upstream directly?
> > I don't think that's a good idea, and it doesn't have external network
> > access anyway ...
>
> Having autofetching by Koji would require the ability to specify the
> checksum for the file in the spec, IMO:
> https://github.com/rpm-software-management/rpm/issues/463
>
> A central way to validate the source is "valid" that is portable
> across systems (koji, copr, obs, etc.) would make this a lot easier to
> trust.

Agreed though I would also add that checking GPG signatures on signed tags if
the tag is signed is also valuable. Those would be complementary.

Thanks,
--
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat, Inc. | Boston, MA | EST5EDT
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
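
The checksum pinning asked for in this thread, as an added example that is not part of the original messages and is not code from rpm, fedpkg or Koji: it parses BSD-style checksum lines (the shape dist-git `sources` files use) and rejects any fetched source that is unpinned, weakly pinned or mismatched. The file name, sample bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# BSD-style checksum line, the shape used in a dist-git `sources` file.
_LINE = re.compile(r"^(?P<algo>[A-Z0-9]+) \((?P<name>[^)]+)\) = (?P<digest>[0-9a-f]+)$")
# Only strong digests are accepted; an MD5 or SHA1 pin is treated as no pin.
_ALLOWED = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


class SourceRejected(Exception):
    """Raised when a fetched source must not be used for a build."""


def parse_pins(text):
    """Return {filename: (algo, hexdigest)} parsed from checksum lines."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise SourceRejected(f"unparseable pin line: {line!r}")
        if m["algo"] not in _ALLOWED:
            raise SourceRejected(f"weak or unknown algorithm: {m['algo']}")
        if m["name"] in pins:
            raise SourceRejected(f"duplicate pin for {m['name']}")
        pins[m["name"]] = (m["algo"], m["digest"])
    return pins


def verify_source(name, data, pins):
    """Fail closed: a file without a pin is rejected, as is any mismatch."""
    if name not in pins:
        raise SourceRejected(f"no checksum pinned for {name}")
    algo, expected = pins[name]
    actual = _ALLOWED[algo](data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise SourceRejected(f"{algo} mismatch for {name}")
    return actual


# Constructed sample: stand-in tarball bytes and the pin a packager would commit.
GOOD = b"constructed tarball bytes for rpminspect-0.12\n"
PINS_TEXT = f"SHA512 (rpminspect-0.12.tar.gz) = {hashlib.sha512(GOOD).hexdigest()}\n"
```

A checksum pin only proves the bytes match what the packager recorded; verifying a signed tag, as the reply above suggests, is a separate check on who produced them.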