[Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)
Michal Novotný
notifications at github.com
Mon Mar 23 17:41:46 UTC 2020
> One problem with the `sources` file is that it is distro specific -- Fedora uses `sources`, OpenMandriva uses a similar file (though with slightly different syntax) called `.abf.yml`, probably other distributions have yet other workarounds.
>
> Another problem is that it's not the spec file -- I don't think we want to end up with a mess similar to what dpkg has in those debian directories.
I think it is distro-specific because it is tight down to particular distribution-git that some higher-level tools work with (fedpkg, centpkg, rpkg, ...), i.e. where the packages are stored.
But the SourceX: in rpm spec file typically does not reference a tarball in that particular dist-git but it instead references sources from upstream (at least in Fedora/CentOS and for OpenMandriva that seems to be true as well). But that's not from where the tarballs are downloaded when they are going to be built.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-602752407
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20200323/a5840589/attachment.html>
More information about the Rpm-maint
mailing list