RFC: fedora.us QA approval format

Michael Schwendt ms-nospam-0306 at arcor.de
Fri Apr 2 13:08:13 UTC 2004


On Fri, 2 Apr 2004 10:38:54 +0200, Patrice Dumas wrote:

> > - Download of the sources, with md5sum check
> 
> Maybe the download should't be automatic, such that it is possible to check
> that the download url is really the right url (presumably searching first the
> project home page with google, in order not to use the url provided in the
> srpm, and verifying that it is the right download page), and not one with 
> bad package ?

Reviewers should also notice when upstream projects provide detached GPG
signatures, which can be used to verify the published tarballs.





More information about the fedora-devel-list mailing list