Re: Fedora Source-git SIG report #1 (June 2021)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24. 06. 21 23:07, Miroslav Suchý wrote:
Dne 24. 06. 21 v 15:48 Tomas Tomecek napsal(a):
One thing to consider is that the upstream tarballs might be cryptographically
signed and packages should verify the signature in %prep.
This is a very good point - in such a case, we should always pull the
official upstream tarball instead of generating a new one downstream

Does it matter? If you are able to generate byte2byte identical tarball then you can choose any of them.

AFAIK git does not grantee to produce byte2byte identical archives across different versions of git, zlib, gzip etc. So even if upstream signs the git generated archive, generating a byte2byte identical one might be tricky.

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux