[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Macros in Source fields (was: Re: Prelink success story :))



Alan Cox wrote :

> On Fri, Feb 27, 2004 at 07:43:20PM +0100, Matthias Saou wrote:
> > Yes, mach parses source and patch tags, expands them and searches the
> > current directory for a matching file name, then searches for an already
> > downloaded file in the chroot, and if none are found, tries to download
> > the file.
> 
> Has mach added an sha sum to the source spec file so that the download
> is known to be correct, otherwise this seems slightly umm dangerous ?

One could add that inside the spec file after checking. But my point here
was that copy/pasting a source tag to download it (i.e. with wget) was
even more complicated than what mach is able to do. Now, in any case, if
one wants checking to be done, it needs to be done "manually" with some
reviewing, or something specific needs to be set up, for example checking
the signature of the downloaded tarball from an asc file against a trusted
key. Although this is important, it's beyond the point I was trying to
make ;-)

Matthias

-- 
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora Core release 1 (Yarrow) - Linux kernel 2.6.3-1.91
Load : 0.96 0.97 0.74




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]