[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Package Review Stats for the week ending January 18th, 2009

Le jeudi 29 janvier 2009 à 17:45 +0100, Christoph Wickert a écrit :

> Sorry, but you did not answer my question. How do you compare it to
> something that's not there? Ok, you knew the source, but how would you
> know if Sven downloads it correctly, preserves the timestamp etc.? The
> answer is: you didn't, but you trust Sven.

Also, I don't really care a lot, because this is something that will
change the first time upstream updates, and will be caught by the BADURL
autochecks anyway. So the value of me spending a lot of time on it
instead of checking the spec and if upstream is legit is rather limited.

And yes some people could try to spoof an upstream and inject malware in
a source, but they could create a web site and propose packaging a file
from this site almost as easily.

> > If you want to do something useful, I have a pile of packaging changes
> > in my review queue I'd be happy to pass on to someone obcessing about
> > review quality in Fedora.
> Then give me some bz # please.

Basically, all the children of
https://bugzilla.redhat.com/show_bug.cgi?id=477044 which saw packager
activity and changes

Especially all the historic packages where all the remaining legacy
cruft may hide packager mistakes in the modernization of the packages.

Nicolas Mailhot

Attachment: signature.asc
Description: Ceci est une partie de message numériquement signée

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]