On Wed, 2007-02-14 at 13:45 -0800, Toshio Kuratomi wrote: > ''' > = Referencing Source = > > One of the design goals of rpm is to cleanly separate upstream > source from vendor modifications. For the Fedora packager, this > means that sources used to build a package should be the vanilla > sources available from upstream. To help reviewers and QA scripts > verify this, the packager needs to indicate where a reviewer can find > the source that was used to make the rpm. caillon had this to say in the bug which spawned this: ''' Looks good from the brief glance I took, but I strongly feel this whole thing should be a "good practises" recommendation and not a requirement. If you're trying to prevent against "bad" RPMs, well you're not going to do that if there are exceptions... Even for a good SRPM, someone could simply fork an open source project, not have a repo other than the SRPM, and distribute whatever code they want that way in extras, theoretically. This has no bearing on the actual packaging or quality of RPMs. It's only redeeming quality is that it might potentially help with automated verification of upstream sources, but that does not exist right now and that potential benefit should be enough to convince most packagers to do this. There's simply no reason to make it a hard requirement IMO other than because it's always been that way (which is no real reason). '''
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
