Re: FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)

On 6/1/06, Thorsten Leemhuis <fedora@xxxxxxxxxxxxx> wrote:
> 1. create a package, prepare it for review
> 2. get it reviewed and yourself sponsored
> 3. import it and build
> 4. checkout some popular packages, upload new tarballs with slightly
> different names and a root-kit in it. Modify the "Source0" accordingly
> 5. commit the changes, hit "CTRL-C" at the right point of time so the
> commit-message is not sent to commits-list
> 6. wait until the maintainer fixes something else in the package and
> rebuilds it without noticing the changes done to CVS in between

Most of us have locally checked out copies of our packages in the
extras CVS, so this won't work -- cvs commit will bail with "uptodate
check failed for foo.spec". The maintainer will go "whaaaa?", run CVS
diff, notice the updated Source0, go "that's funny, I don't remember
changing that," and then there will be a lot of ass-whoopin', as the
new source is downloaded and examined.

The system is less broken than you think.

--
Konstantin Ryabitsev
Montréal, Québec

--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
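
The reply above relies on a maintainer noticing a Source0 they did not change; the same comparison can be run mechanically before a rebuild. This is an added example, not part of the original post or of Fedora's tooling: the spec contents, the example.org URLs and the function names are constructed for illustration.

```python
import re

# Tags that matter here: Name/Version (for macro expansion) and SourceN/PatchN.
TAG_RE = re.compile(
    r"^(name|version|source\d*|patch\d*)[ \t]*:[ \t]*(\S.*?)[ \t]*$", re.I | re.M
)

def source_tags(spec_text):
    """Return {tag: value} for SourceN/PatchN, with %{name}/%{version} expanded."""
    tags = {m.group(1).lower(): m.group(2) for m in TAG_RE.finditer(spec_text)}
    macros = {"name": tags.pop("name", ""), "version": tags.pop("version", "")}
    def expand(value):
        return re.sub(r"%\{(name|version)\}", lambda m: macros[m.group(1)], value)
    return {tag: expand(value) for tag, value in tags.items()}

def changed_sources(reviewed_spec, repo_spec):
    """List (tag, old, new) for every source or patch that differs between the
    spec the maintainer last reviewed and the one currently in the repository."""
    old, new = source_tags(reviewed_spec), source_tags(repo_spec)
    return [(tag, old.get(tag), new.get(tag))
            for tag in sorted(set(old) | set(new))
            if old.get(tag) != new.get(tag)]

# Constructed sample: the maintainer's last reviewed copy of foo.spec ...
REVIEWED = """\
Name: foo
Version: 1.2
Release: 3
Source0: http://example.org/dist/%{name}-%{version}.tar.gz
Patch0: foo-1.2-build.patch
"""
# ... and the repository copy after an unannounced commit renamed the tarball.
REPO = REVIEWED.replace("Release: 3", "Release: 4").replace(
    "%{name}-%{version}", "%{name}_%{version}")

if __name__ == "__main__":
    for tag, old, new in changed_sources(REVIEWED, REPO):
        print(f"{tag}: {old} -> {new}  (examine before rebuilding)")
```

A legitimate version bump is reported as well, since the expanded Source0 then points at a tarball nobody has examined yet.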
