[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 181801] Review Request: zeroinstall-injector



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: zeroinstall-injector


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181801





------- Additional Comments From michel salim gmail com  2006-02-21 22:22 EST -------
I agree on the second point, but about Source0, as I explained, the upstream
source is a signed GPG file. Using the upstream source would require a
BuildRequires on gnupg ..

The source verification can be done by downloading the GPG-ed tarball from here:
http://sourceforge.net/project/showfiles.php?group_id=76468&package_id=146899&release_id=390954

So the options are:
- point Source0 to the .tar.gz.gpg file, BuildReq on gnupg
- Manual verification of the source tarball (take the upstream source, gpg
--decrypt ${file} > newfile, compare md5sums or do a diff)

The QA checklist does not say anything about including the full Source URL, just
that the source matches upstream.

Let's come to an agreement on this and then I can submit the final version of
the .spec file?


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]