[Fedora-packaging] Re: Source Url Guidelines

Toshio Kuratomi a.badger at gmail.com
Wed Feb 14 22:37:51 UTC 2007

On Wed, 2007-02-14 at 13:45 -0800, Toshio Kuratomi wrote:
> '''
> = Referencing Source =
> One of the design goals of rpm is to cleanly separate upstream 
> source from vendor modifications.  For the Fedora packager, this
> means that sources used to build a package should be the vanilla
>  sources available from upstream.  To help reviewers and QA scripts
> verify this, the packager needs to indicate where a reviewer can find
> the source that was used to make the rpm.

caillon had this to say in the bug which spawned this:
Looks good from the brief glance I took, but I strongly feel this whole
thing should be a "good practises" recommendation and not a requirement.
If you're trying to prevent against "bad" RPMs, well you're not going to
do that if there are exceptions... Even for a good SRPM, someone could
simply fork an open source project, not have a repo other than the SRPM,
and distribute whatever code they want that way in extras,
theoretically.  This has no bearing on the actual packaging or quality
of RPMs.  It's only redeeming quality is that it might potentially help
with automated verification of upstream sources, but that does not exist
right now and that potential benefit should be enough to convince most
packagers to do this.  There's simply no reason to make it a hard
requirement IMO other than because it's always been that way (which is
no real reason).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20070214/de051643/attachment.sig>

More information about the Fedora-packaging mailing list