Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Merge Review: file-roller https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225751 ------- Additional Comments From toshio@xxxxxxxxxxxxxxx 2007-02-10 19:05 EST ------- As explained in #13, there are de facto rules for pulling from revision control which need to be written down and voted on. And Jeremy Katz is working on the inhouse Red Hat "source rpm is canonical" policy. We need to write those two policies in such a way that Mozilla and similar are covered. The way things have worked until now, the sources have been assumed to be available somehow (otherwise it's not open source.) If it's a tarball, provide a URL. If it's a snapshot from revision control, either a comment on how to pull that revision or a script to pull it and construct the tarball is necessary. I'm not sure what Jeremy's plans are WRT srpm's being the canonical source but if the only public source is the rpm itself then the rules will have to reflect that. The overarching reason is that sources need to be checked against upstream. One of RPM's design goals is to cleanly separate the upstream code (in the form of a tarball) from the vendor changes (in the form of patches). Including the information necessary to check this in the spec file helps reviewers to check that the tarball is actually based on upstream. In cases where we're upstream we should theoretically be able to apply other, better tests to show this: like tapping the developer on the shoulder and asking if he really released 0.2 yesterday with the following md5sum. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review