[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[Bug 181801] Review Request: zeroinstall-injector
- From: bugzilla redhat com
- To: fedora-extras-list redhat com
- Subject: [Bug 181801] Review Request: zeroinstall-injector
- Date: Wed, 22 Feb 2006 01:57:18 -0500
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: zeroinstall-injector
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181801
------- Additional Comments From paul city-fan org 2006-02-22 01:57 EST -------
(In reply to comment #4)
> I agree on the second point, but about Source0, as I explained, the upstream
> source is a signed GPG file. Using the upstream source would require a
> BuildRequires on gnupg ..
>
> The source verification can be done by downloading the GPG-ed tarball from here:
>
http://sourceforge.net/project/showfiles.php?group_id=76468&package_id=146899&release_id=390954
>
> So the options are:
> - point Source0 to the .tar.gz.gpg file, BuildReq on gnupg
> - Manual verification of the source tarball (take the upstream source, gpg
> --decrypt ${file} > newfile, compare md5sums or do a diff)
I would advocate the first option; it allows people to do:
$ spectool --gf zeroinstall-injector.spec
to retrieve the sources directly from upstream.
Shouldn't the buildreq be python-devel rather than python?
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]