source file audit - 2007-10-17
Thorsten Leemhuis
fedora at leemhuis.info
Sat Oct 20 09:06:31 UTC 2007
On 19.10.2007 22:01, Kevin Fenzi wrote:
>
> - Should I keep running this? Do folks find it useful?
You IMHO not -- we instead should put up a xen instance somewhere where
this and similar scripts get regularly started by cron.
BTW, sorting the list by owner's username would make finding the
packages that are owned by me a little bit easier IMHO.
> - Should I try and spam maintainers? Or just keep posting in the list?
I suppose list once a week and maintainers as well.
> [...]
> Lines in the output are of three forms:
> [...]
> - BADSOURCE:$SOURCENAME:$PACKAGENAME
>
> This means that the source was downloaded ok from the upstream site,
> but doesn't match the md5sum given in the sources file.
> This could be due to needing to strip out content that fedora cannot
> ship (but in that case you shouldn't have the full URI in the Source
> line). Or upstream following poor release practices and updating
> without changing their release.
> [...]
> thl:BADSOURCE:CHANGELOG:rss2email
Hmmmm:
diff -u CHANGELOG.from_CVS CHANGELOG.freshly_downloaded
--- CHANGELOG 2007-03-26 09:48:51.000000000 +0200
+++ CHANGELOG.old 2006-08-25 20:36:11.000000000 +0200
@@ -119,7 +119,7 @@
</ul>
<p class="dateline"><span style="border: 1px solid #c3d9ff;
padding-left: 4px; ">
- last updated 6 months ago
+ last updated 1 year ago
<a href="/CHANGELOG">#</a>
</span>
</p>
Tracking such stuff seems not worth the trouble to me. Should we
blacklist this specific file? Or does anybody have a better idea
(besides converting upstream to put a proper changelog somewhere that
doesn't have unnecessary dynamic updates)?
CU
knurd
More information about the fedora-devel-list
mailing list