Ming-Ching Tiew wrote: > > > --- On Wed, 5/13/09, John Dennis <jden...@redhat.com> wrote: > >> BTW, the 2.1.4/2.1.5 snafu is why >> the most recent >> RPM is 2.1.3. >> -- > > Software will always have flaws, defects, bugs or whatever > we call it. The way I understand the rpmbuild process, > it is not difficult to add a little patch which fixes > the problem.
Of course it's easy to add a patch, but that's not the issue. There were 2 different versions of 2.1.4 tar file over a period of time. The second version of 2.1.4 identified itself internally as it built as 2.1.5 even though it's name was 2.1.4. RPM's are supposed to be built from pristine upstream sources and *must* be reproducible from upstream. So let's say you have a tar file whose name is freeradius-server-2.1.4.tar.bz which is being used to build an RPM, how do you know if that tar file was the original 2.1.4 or the subsequent 2.1.5 release which superseded it? It's ambiguous what the RPM version would be because it depends on the time window the freeradius-server-2.1.4.tar.bz was downloaded. The ambiguity with regards to what the actual version the RPM might produce is not acceptable. It's critical from a release perspective the version information be correct. The entire RPM build process depends on the assumption the tar file version matches the tar file contents which matches the RPM spec file version. It may be acceptable to you to privately build such an RPM but distributions cannot take that same risk. -- John Dennis <jden...@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html