Dne 24. 06. 21 v 15:48 Tomas Tomecek napsal(a):
One thing to consider is that the upstream tarballs might be cryptographically
signed and packages should verify the signature in %prep.
This is a very good point - in such a case, we should always pull the
official upstream tarball instead of generating a new one downstream
Does it matter? If you are able to generate byte2byte identical tarball then
you can choose any of them.
Miroslav
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
