The push-script has caught this: > New packages in PUSHED /srv/rpmbuild/repodir/fedora-development-extras/rssowl/1.2.1-4.fc6, clearing flag This means that an older build of the same package has been signed and published before (a file "PUSHED" in the build job results directory of a package in the needsign tree), and that the results of the new build job have been found in the old directory which has not expired yet. When the package was modified without bumping release (or if build dependencies have changed meanwhile), some users may already have updated to the previous binaries. They won't ever see changes in the new builds unless they reinstall the package(s). That is bad. Note that ever since, the various push scripts have never overwritten old packages in the master repository. The "copy" and "move" functions do not overwrite existing destination files, which is good. So, we have kind of a partially undefined situation here, since a version-bump-less rebuild may introduce new sub-packages or be made for more/less architectures. A rebuild may also be accidental, and remember, even if EVR has not changed, it is impossible to kill/withdraw succeeded build jobs with plague-client. We need to define what is done with a version-bump-less rebuild of a package that has been published before. * Overwriting existing rpms in the published tree is bad. * Rule of thumb: If you want changes to enter your packages, bump Release! * Detecting and ignoring rebuilds is not trivial [*] if the previous build job results directory is gone already. (it would need something like looking for existing destination files, then ignoring the entire results of a build job before any rpms would be copied/moved/linked) [*] doable, but worth the effort? * At the level of the push-script, we have no way to inform a packager about rejected/ignored build results. * The build report is misleading if it mentions a package, which has been ignored partially or completely, because an older build of it exists in the repository already. The package database could help with this and make the build server reject rebuilds of previously built package releases. Meanwhile I say: Avoid version-bump-less rebuilds like the plague!
Description: PGP signature