[Fedora-packaging] Is md5sum compulsion in review instead sha1sum?

Nicolas Mailhot nicolas.mailhot at laposte.net
Wed Oct 14 07:55:19 UTC 2009

Le Mer 14 octobre 2009 05:47, Chris Weyl a écrit :
> On Mon, Oct 12, 2009 at 10:13 PM, Matthias Clasen <mclasen at redhat.com> wrote:

>> That part of the review guidelines has always struck me as bizarre.
>> After all, wouldn't it seem even better to compare the actual tarballs
>> with each other, byte-by-byte, than relying on a checksum ?
> Um.  An easily reproducible, cryptographically strong checksum? :)

This is one test I never do, nothing will stop the packager from changing the
packaged archive as soon as the review is finished, so the whole thing is a
major waste of time for everyone involved IMHO (as is posting specs in
addition to SRPMs BTW.

Nicolas Mailhot

More information about the Fedora-packaging mailing list