[Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

Neal Gompa notifications at github.com
Fri Jul 14 09:54:52 UTC 2023


> Unfortunately the suggested format of `Source(sha256): format` is not backward compatible with older rpm releases, and having the checksum as an extra tag (with autonumbering) and if conditions could be error prone and tricky.

Is backward compatibility really an issue if we're talking about a new feature? This wasn't an okay reason when we added weak dependencies (which also broke on old rpm too).

Adding a new tag to do anything is always going to cause this problem, and if we're not willing to own up to that and bite that bullet, then we can't add any new tags ever. 😦 

The alternative proposal relies on RPM having broken syntax parsing, because I don't see a reason that it shouldn't choke on `Source sha256(<checksum>): URL`. And the "alternative syntax" breaks the ability to use SourceURL downloading (which most distributions actually do rely on).



-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-1635611325
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/463/1635611325 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230714/161b04a3/attachment-0001.html>


More information about the Rpm-maint mailing list