Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca
Michael Schwendt
bugs.michael at gmx.net
Wed Mar 30 15:46:35 UTC 2005
On Wed, 30 Mar 2005 12:17:32 +0200, Enrico Scholz wrote:
> > Source0: http://download.sourceforge.net/sourceforge/xca/%name-%version.tar.gz
> > I think it's prefered to list the exact name-version in there instead
> > of macros.
>
> Sorry, I will not change it as it adds redundancy and seduces reviewers
> to copy & paste this URL without verifying its correctness.
Nah, reviewers have better things to do than verify your macro usage
in Source URLs. ;)
The original reason for "preferring macro-less Source URLs" was that you
can cut'n'paste reasonably looking URLs and use wget/curl to fetch
upstream tarballs quickly, whereas it needs ugly rpm --specfile hacks to
convert any macros in there first. The rationale was to lower the bar
for new reviewers and make access to tarballs easier.
The Source URLs--if not SF.net--give no hint whether the download location
belongs to the upstream project. Serious reviewers would need to start at
Google (or the "URL:" tag) for full verification of tarball origins anyway.
However, with CVS as a package store, most packagers likely prefer macros
in Source URLs, so they don't need to update them for every version
upgrade.
>
> > BuildRoot: %_tmppath/%name-%version-%release-buildroot
> > The prevered value is
> > "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)"
>
> There is no big difference except the '%(%{__id_u} -n)' which does not
> make much sense but adds complexity and gives a false feeling about
> security. You have always a race between
If memory serves correctly, the %__id_u thing was not for added
security, but a somewhat sane default for multi-user environments and
build machines, which didn't override buildroot.
More information about the fedora-extras-list
mailing list