
Re: RFC: fedora.us QA approval format



Michael Schwendt wrote:
On Fri, 2 Apr 2004 10:38:54 +0200, Patrice Dumas wrote:


- Download of the sources, with md5sum check

Maybe the download shouldn't be automatic, so that it is possible to check
that the download URL is really the right URL (presumably by first searching for the
project home page with Google, in order not to use the URL provided in the
SRPM, and verifying that it is the right download page), and not one with a bad package?


Reviewers should also notice when upstream projects provide detached GPG
signatures, which can be used to verify the published tarballs.



Reviewers should also harass upstream projects into providing GPG signatures "or else". =)


We managed to convince gaim and scribus, but few other people...

Warren
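
The source check discussed in this thread, sketched as a reviewer-side shell script: compare the tarball from the SRPM with a copy fetched independently from upstream, then verify the detached signature when one exists. This is an added example, not part of the original messages or of fedora.us tooling; the function names, arguments and the `DIGEST` variable are assumptions.

```shell
#!/bin/sh
# Added example: reviewer-side source check. Function names, arguments and
# the DIGEST variable are hypothetical, not fedora.us tooling.
DIGEST="${DIGEST:-md5sum}"   # the QA step in the thread names md5sum

digest_of() { "$DIGEST" < "$1" | cut -d' ' -f1; }

# $1: tarball taken from the SRPM under review
# $2: tarball the reviewer fetched from the upstream page they located themselves
# Returns 0 = same digest, 1 = mismatch, 2 = a file is missing.
compare_sources() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(digest_of "$1")" = "$(digest_of "$2")" ]
}

# $1: tarball, $2: detached signature published by upstream (may not exist)
# Returns 0 = signature verifies, 3 = no signature file, other = not verified
# (bad signature, signer's key not in the reviewer's keyring, or gpg missing).
verify_detached() {
    [ -r "$2" ] || return 3
    gpg --verify "$2" "$1" >/dev/null 2>&1
}

# $1: SRPM tarball, $2: upstream tarball, $3: detached signature path
review_sources() {
    if compare_sources "$1" "$2"; then
        echo "MATCH: SRPM source equals independently fetched upstream source"
    else
        case $? in
            1) echo "MISMATCH: SRPM source differs from upstream"; return 1 ;;
            *) echo "ERROR: a source file is missing"; return 2 ;;
        esac
    fi
    if verify_detached "$2" "$3"; then
        echo "SIGNED: detached signature verifies"
    else
        case $? in
            3) echo "UNSIGNED: no detached signature available" ;;
            *) echo "BADSIG: signature could not be verified"; return 1 ;;
        esac
    fi
}

# Stand-alone use: script SRPM_TARBALL UPSTREAM_TARBALL [SIGNATURE]
if [ "$#" -ge 2 ]; then review_sources "$@"; fi
```

A good signature only means something if the signer's key in the reviewer's keyring was itself obtained and checked through a channel other than the download site.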


