https://bugzilla.redhat.com/show_bug.cgi?id=1299313 --- Comment #4 from Parag Nemade <pnemade@xxxxxxxxxx> --- Can you please interpret meaning for me for this statement "If the upstream does create tarballs you should use them as tarballs provide an easier trail for people auditing the packages." ? Let me know if there can be any different meaning to it. Regarding Spot's guidelines, they are not updated since Dec'2012. See https://fedoraproject.org/w/index.php?title=User:Spot/GitHub_Guidelines&action=history Whereas This is the change from 9th July 2015 which added above tarball usage guideline -> https://fedoraproject.org/w/index.php?title=Packaging%3ASourceURL&diff=417378&oldid=372006 Looks like its Gbcox who proposed that tarball usage guideline. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review