[Fedora-packaging] Is md5sum compulsion in review instead sha1sum?

Ralf Corsepius rc040203 at freenet.de
Wed Oct 14 08:24:50 UTC 2009


On 10/14/2009 09:55 AM, Nicolas Mailhot wrote:
>
>
> Le Mer 14 octobre 2009 05:47, Chris Weyl a écrit :
>>
>> On Mon, Oct 12, 2009 at 10:13 PM, Matthias Clasen<mclasen at redhat.com>  wrote:
>
>>> That part of the review guidelines has always struck me as bizarre.
>>> After all, wouldn't it seem even better to compare the actual tarballs
>>> with each other, byte-by-byte, than relying on a checksum ?
>>
>> Um.  An easily reproducible, cryptographically strong checksum? :)
>
> This is one test I never do, nothing will stop the packager from changing the
> packaged archive as soon as the review is finished,
ACK.

> so the whole thing is a
> major waste of time for everyone involved IMHO
Agreed.

> (as is posting specs in
> addition to SRPMs BTW.
Not agreed. Many packaging issues can be easily be found in specs, 
without downloading with the actual *.src.rpm.

Ralf





More information about the Fedora-packaging mailing list