Good Morning Campers, It appears that pulling from bzr to produce a source tarball can not be done in a way that preserves file timestamps. This makes it impossible to easily verify the md5sum of a tarball created this way. The review guidance implies that that a comment block in the spec file needs to provide enough information to recreate and verify such a tarball. Unfortunately for bzr, the verification of the tarball will always fail due to the timestamp issue. As a workaround, i suggest that for tarballs built from a bzr export that the spec file include a note that the contents of the tarball must be verified individually, and that a note concerning bzr's inability to preserve timestamps (and the dire consequences of that) be added to the code control related review guidance. For reference see the discussion in: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235191 I have manually verified that the contents of the included source1 tarball match the files pulled from call to bzr in the specfile comment block. and for bzr's plan for timestamps: https://blueprints.launchpad.net/bzr/+spec/export-original-timestamps -jef"why am i not drinking tequila right now?"spaleta -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
