[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]


Looks good (although mach is giving me problems again so I can't test
all of it.)

Some feedback:
- A NEEDSWORK review is just as valuable as a PUBLISH +1 review.  I'd
like to see the script generate that as well.
- (Showing my ignorance of mach) How safe is it to build untrusted
sources within mach?  since mach builds the package before the user gets
a chance to go look at whether the Source URL is canonical, I was
- Review has "Installs, runs, and uninstalls fine on FC1" but I haven't
done any of that yet -- should it be in TODO?
- The first time I ran it, the script errored out because there was an
old version of an md5sum file on the server that didn't have the package
version I had up there.  However, GPG signed SRPMs are equivalent to
checking a GPG signed md5sum file that has an  md5sum for the SRPM.  So
my view is if the GPG signature on the SRPM is good and the MD5SUM file
doesn't contradict it (ie: different signing keys, different MD5Sums for
the same file) it shouldn't error out.
- I'd like to be able to point at an SRPM instead of into bugzilla in
case I have an SRPM already on my machine that I'd like to check.

Toshio <toshio tiki-lounge com>

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]