On Fri, Sep 15, 2023 12:53:21 +0200, Laura Barcziova wrote: > Yes, Fedora dist-git lookaside cache. The upstream archive is uploaded > automatically, but only a pull request is created in the particular dist-git > repo with the change of the sources reference. Once the PRs are created, it is > up to the maintainer to review these changes and, just after that, merge the > changes with the updated reference to the respective branches. See also: https://github.com/packit/packit/issues/2035 Packit is awesome, it really does help to automate lots of menial tasks, but the risk really is that maintainers forget to do their due diligence before merging the PRs and all that. I guess it should be possible to make packit (or the-new-hotness?) run licensecheck on the new sources and include that in the PR comment too, perhaps also with a list of packages that depend on the one being updated as an "impact check"? See also: https://github.com/fedora-infra/the-new-hotness/issues/545 Another issue relevant to us Fedora package maintainers is this one (already being worked on from what I see): https://github.com/packit/packit/issues/1920 -- Thanks, Regards, Ankur Sinha "FranciscoD" (He / Him / His) | https://fedoraproject.org/wiki/User:Ankursinha Time zone: Europe/London
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
