Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca

Michael Schwendt bugs.michael at gmx.net
Wed Mar 30 15:46:35 UTC 2005


On Wed, 30 Mar 2005 12:17:32 +0200, Enrico Scholz wrote:

> > Source0:        http://download.sourceforge.net/sourceforge/xca/%name-%version.tar.gz
> > I think it's preferred to list the exact name-version in there instead
> > of macros.
> 
> Sorry, I will not change it as it adds redundancy and seduces reviewers
> to copy & paste this URL without verifying its correctness.

Nah, reviewers have better things to do than verify your macro usage
in Source URLs. ;)

The original reason for "preferring macro-less Source URLs" was that you
can cut'n'paste reasonable-looking URLs and use wget/curl to fetch
upstream tarballs quickly, whereas it needs ugly rpm --specfile hacks to
convert any macros in there first. The rationale was to lower the bar
for new reviewers and make access to tarballs easier.

The Source URLs--if not SF.net--give no hint whether the download location
belongs to the upstream project. Serious reviewers would need to start at
Google (or the "URL:" tag) for full verification of tarball origins anyway.

However, with CVS as a package store, most packagers likely prefer macros
in Source URLs, so they don't need to update them for every version
upgrade.

> 
> > BuildRoot:      %_tmppath/%name-%version-%release-buildroot
> > The preferred value is
> > "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)" 
> 
> There is no big difference except the '%(%{__id_u} -n)' which does not
> make much sense but adds complexity and gives a false feeling about
> security. You have always a race between

If memory serves correctly, the %__id_u thing was not for added
security, but a somewhat sane default for multi-user environments and
build machines, which didn't override buildroot.



