Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=524332 --- Comment #8 from Michael Schwendt <mschwendt@xxxxxxxxx> 2009-09-29 05:07:54 EDT --- > I had a similar conversation on IRC and the outcome was that the > timestamps are quite important for noarch packages. How important is "quite important"? If there is somebody who spreads rumours like that, I'd prefer a public email in a more relevant and more appropriate place. IRC conversations are quite unimportant. The current guideline on preserving timestamps (which is worded as a recommendation: "consider using") is based on two simple facts: 1) For files whose content doesn't change with rebuilds or upgrades of a package, with preserved mtime timestamps package end-users can easily recognise the age of files (which may be a hint about the age of the software, too) and also recognise old/out-of-date documentation. That's not something of importance, it can be plain helpful. 2) For files that don't change with rebuilds or upgrades of a package (in particular not in terms of a checksum change), we don't want such files to trigger a report of external system integrity checkers because of mtime changes. [During intrusion detection, for example, a changed mtime (even with an unchanged file checksum) means that someone/something has written to a file.] And we're not talking about embedded timestamps here, which are part of a file's data and influence the file's checksum. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review