Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: zeroinstall-injector https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181801 ------- Additional Comments From michel.salim@xxxxxxxxx 2006-02-21 22:22 EST ------- I agree on the second point, but about Source0, as I explained, the upstream source is a signed GPG file. Using the upstream source would require a BuildRequires on gnupg .. The source verification can be done by downloading the GPG-ed tarball from here: http://sourceforge.net/project/showfiles.php?group_id=76468&package_id=146899&release_id=390954 So the options are: - point Source0 to the .tar.gz.gpg file, BuildReq on gnupg - Manual verification of the source tarball (take the upstream source, gpg --decrypt ${file} > newfile, compare md5sums or do a diff) The QA checklist does not say anything about including the full Source URL, just that the source matches upstream. Let's come to an agreement on this and then I can submit the final version of the .spec file? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
