On Sun, Sep 24, 2017 at 10:56:45AM +0330, Hedayat Vatankhah wrote: > Dear all, > Currently, AFAIK, the suggested method to upload new sources for a package > is using 'fedpkg new-sources' which uploads new sources from your local > system. I wonder if there is a method to upload new sources from a URL > rather than your local filesystem? It is specially useful for large > packages.
It's an interesting idea but then it would become quite hard to check if there is a mitm attack of some sort. With the current process, at least the packager has the possibility to check the sources locally before uploading them into Fedora. The solution would be to provide the sha + the url and let the down be server side but that won't save you from downloading the sources locally first. Pierre _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
