[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RFC: fedora.us QA approval format



On Fri, 2 Apr 2004 10:38:54 +0200, Patrice Dumas wrote:

> > - Download of the sources, with md5sum check
> 
> Maybe the download should't be automatic, such that it is possible to check
> that the download url is really the right url (presumably searching first the
> project home page with google, in order not to use the url provided in the
> srpm, and verifying that it is the right download page), and not one with 
> bad package ?

Reviewers should also notice when upstream projects provide detached GPG
signatures, which can be used to verify the published tarballs.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]