source file audit - 2009-11-01

Kevin Fenzi kevin at scrye.com
Thu Nov 5 18:09:44 UTC 2009 

On Thu, 5 Nov 2009 11:39:04 +0000
"Richard W.M. Jones" <rjones at redhat.com> wrote:

> On Wed, Nov 04, 2009 at 05:18:16PM -0700, Kevin Fenzi wrote:
> > rjones:BADURL:ocaml-autoconf-1.1.tar.gz:ocaml-autoconf
> 
> False alarm?  Both the URL and Source0 work for me, but note that the
> site has a self-signed certificate so you need
> "--no-check-certificate" or the equivalent to download the source:
> 
>   wget --no-check-certificate
> https://forge.ocamlcore.org/frs/download.php/282/ocaml-autoconf-1.1.tar.gz

Well, the script I am running uses 'spectool -g' and indeed, it doesn't
handle self signed certs: 

--2009-11-02 03:15:09--  https://forge.ocamlcore.org/frs/download.php/282/ocaml-autoconf-1.1.tar.gz
Resolving forge.ocamlcore.org... 87.98.154.45
Connecting to forge.ocamlcore.org|87.98.154.45|:443... connected.
ERROR: cannot verify forge.ocamlcore.org's certificate, issued by `/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support at cacert.org':
  Unable to locally verify the issuer's authority.
To connect to forge.ocamlcore.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

Would it be possible to use a http link there?

> > rjones:BADSOURCE:pa_do-0.8.10.tar.gz:ocaml-pa-do
> 
> This is the same hosting provider as above, and I can definitely
> access the URL and Source0 from here.
> 
>   wget --no-check-certificate
> http://forge.ocamlcore.org/frs/download.php/273/pa_do-0.8.10.tar.gz

Yeah, same issue. 

> > rjones:BADURL:coccinelle-0.1.10.tgz:coccinelle
> 
> Upstream moved their website hosting.  Fixed by rebuilding all the
> branches.
> 
> > rjones:BADURL:febootstrap-2.5.tar.gz:febootstrap
> 
> Fixed (upstream website problem).
> 
> > rjones:BADURL:libpng-1.2.37.tar.bz2:mingw32-libpng
> 
> Ugghh, upstream like to remove old copies of their source tarballs.
> 
> Fixed and rebuilt in Rawhide only, because I don't want to push
> unstable updates to the other branches and there's no way to fix those
> other branches if the upstream tarball has gone.

No need to build anything for these... just correct the links and it
should go out with the next update for something else. ;) 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091105/15dab6b5/attachment.sig>

More information about the fedora-devel-list mailing list