Just a quick clarification:
Am 17.04.20 um 22:06 schrieb Thorsten Leemhuis:
Am 17.04.20 um 20:55 schrieb Don Zickus:
> Is there any other large concern with the new workflow?
The more I think about this the more I dislike that we are not using
official, pristine tarballs anymore. This "Source0 is a tarball
generated from a git tree maintained outside of the Fedora infra and
patched with buildscripts" IMHO violates the intention of the SourceURL
part of the Fedora Packaging Guidelines that was put in place for good
reasons (by both red hat and community contributors):
https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/
This can be fixed afaics, as it was already discussed in this mail and
the answer to it:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject....
Yes, it will be some work, but I think it would be wise to do that "to
cleanly separate upstream source from vendor modifications" (that's a
quote from the guidelines).
Note: What I wrote might sound like I want to stick to tarballs forever.
That is not the case, I only would prefer something where all vendor
modifications are clearly separated from the sources upstream released
(which was the case for the kernel.spec until a few days ago). IOW: I'm
totally fine if RPM and/or Dist-Git learn to understand source URLs that
download sources from a signed tag somehow (say: "Source0:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapsh...
– which is a bad example, as that is a tarball again, but you get the idea).
CU, knurd