SCIENTIFIC-LINUX-USERS Archives

June 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Nico Kadel-Garcia <[log in to unmask]>
Reply To:
Nico Kadel-Garcia <[log in to unmask]>
Date:
Wed, 18 Jun 2014 20:55:40 -0400
Content-Type:
text/plain
On Wed, Jun 18, 2014 at 4:16 PM, Lamar Owen <[log in to unmask]> wrote:

> So, somewhat paradoxically, I would have a greater confidence in source from
> git than source from a signed source RPM, again due to git's design.  Yeah,
> I know, it's not what we're used to, and there is a bit of information that
> a package.src.rpm has that the git repo won't have, but it's possible to
> produce binary compatibility without that bit of info.  It may seem to be
> more work, but time will tell.

The difficulty is one I encounter daily. What is checked out from a
git repo today, and built with, need have no resemblance to what is in
the git repo tomorrow, or yesterday, especially if you are pulling
from the "master" branch. And relying on the ".spec file" or the last
change in the .spec file need not reflect the other changes that were
done after the .spec file, but merged after the fact or from another
code branch.

This is what GPG signed "tags", with version numbers, are very useful for.
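
Added example, not part of the original message: a build-side check that refuses a moving branch name and accepts only a tag that passes `git verify-tag`, then resolves it to the commit id to build from. The function names `pinned_commit` and `make_demo_repo`, the tag `v1.0` and the demo identity are hypothetical; the demo repository is constructed and its tag is deliberately unsigned.

```shell
#!/bin/sh
# Added example: resolve a build input to one fixed commit, accepting only
# GPG-signed tags. Branch names are refused because they move over time.

# pinned_commit REPO REF
# Prints the commit id behind a signed tag. Returns 2 if REF is not a tag,
# 3 if the tag has no signature that verifies against the local keyring.
pinned_commit() {
    repo=$1 ref=$2
    # Look only under refs/tags/, so a branch with the same name cannot match.
    git -C "$repo" rev-parse -q --verify "refs/tags/$ref" >/dev/null || {
        echo "refusing '$ref': not a tag (branches move)" >&2; return 2; }
    # Lightweight and unsigned annotated tags both fail here.
    git -C "$repo" verify-tag "$ref" >/dev/null 2>&1 || {
        echo "refusing '$ref': no valid GPG signature" >&2; return 3; }
    # Peel the tag to its commit; record and build from this id.
    git -C "$repo" rev-parse "refs/tags/$ref^{commit}"
}

# g DIR ARGS...: git with a constructed identity and signing switched off,
# so the demo does not depend on the caller's configuration or keys.
g() {
    d=$1; shift
    git -C "$d" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false -c tag.gpgsign=false "$@"
}

# make_demo_repo DIR: constructed repository where the branch head moves on
# after the release was tagged (the situation described in the message).
make_demo_repo() {
    git init -q "$1" &&
    g "$1" commit -q --allow-empty -m "release 1.0" &&
    g "$1" tag -a -m "v1.0 (unsigned, constructed)" v1.0 &&
    g "$1" commit -q --allow-empty -m "change merged after the release"
}

# Typical use in a build script (tag created upstream with `git tag -s`):
#   commit=$(pinned_commit /path/to/clone v1.0) || exit 1
#   git -C /path/to/clone checkout -q --detach "$commit"
```

`git verify-tag` succeeds only when the signer's public key is already in the builder's keyring, so the key has to be obtained and trusted through a channel other than the repository being verified.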
