[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Carl George  changed:

   What|Removed |Added

 Status|POST|CLOSED
 CC||carl@george.computer
 Resolution|--- |ERRATA
Last Closed||2018-07-09 22:52:32



--- Comment #8 from Carl George  ---
This has been available since
https://bodhi.fedoraproject.org/updates/distribution-gpg-keys-1.3-1.fc22

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org/message/SRFJ37GZZ544IFGAPS7AOTL2KEJ5UYN5/

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Mike McCune  changed:

   What|Removed |Added

 Status|MODIFIED|POST



--- Comment #7 from Mike McCune  ---
This bug was accidentally moved from POST to MODIFIED via an error in
automation, please see mmcc...@redhat.com with any questions

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Sat6QE Jenkins  changed:

   What|Removed |Added

 Status|POST|MODIFIED



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235



--- Comment #6 from Upstream Release Monitoring 
 ---
pbrobinson's scratch build of
linux-user-chroot?#b7afe5173cbd31b029b027b6f8a14baa5e6ce87a for
epel7-archbootstrap and
git://pkgs.fedoraproject.org/linux-user-chroot?#b7afe5173cbd31b029b027b6f8a14baa5e6ce87a
failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12089939

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

 Status|ASSIGNED|POST



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

  Flags|fedora-review?  |fedora-review+



--- Comment #5 from Zbigniew Jędrzejewski-Szmek  ---
So... review is trivial.
- the source material is in the public domain
- name is fine
- packaging is OK
- rpmlint is happy.

Package is APPROVED.

Please consider using the github tarball as source.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235



--- Comment #2 from Miroslav Suchý  ---
(In reply to Zbigniew Jędrzejewski-Szmek from comment #1)
> https://bugzilla.redhat.com/show_bug.cgi?id=1246701 is about including more
> Fedora keys in fedora-repos.

Interresting. But still it will miss all others (centos/epel/rpmfusion...)
I can add those old keys too.

> I think it is very useful and increases security of various cross-distro
> installation. I wonder though whether not to remove Fedora and EPEL keys
> from this, since they will be included in fedora-repos, or maybe to add a
> check to make sure that they are identical in both packages.

bug 1246701 speaks just about old fedora keys, not about epel IIRC.


> Regarding packaging:
> - why not use a github tarball directly? It's much nicer than to force a git
> clone and additional steps.

Because github tarball checksum was not stable in past (not sure if this
changed recently). Also the URL is changing nearly each year. At least the URL
we should use as suggested by Fedora Guidelines.
And I do not use or create tar.gz at all. I just wrote
  tito --srpm
and it will craft (binary identical) tar.gz for me.

> - GPL, seriously? I'm all for GPL, but in this case CC-0 seems a much better
> choice. After all, this should be freely copied.

Good point. License changed to CC-0.

Spec URL: http://miroslav.suchy.cz/fedora/distribution-gpg-keys.spec
SRPM URL:
http://miroslav.suchy.cz/fedora/distribution-gpg-keys-1.2-1.fc22.src.rpm

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|nob...@fedoraproject.org|zbys...@in.waw.pl
  Flags||fedora-review?



--- Comment #4 from Zbigniew Jędrzejewski-Szmek  ---
BTW, I think that this package is useful. It also meets packaging guidelines.
I'll wait a few more days for the discussion on the mailing list to wind down
though.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235



--- Comment #3 from Zbigniew Jędrzejewski-Szmek  ---
(In reply to Miroslav Suchý from comment #2)
> > I think it is very useful and increases security of various cross-distro
> > installation. I wonder though whether not to remove Fedora and EPEL keys
> > from this, since they will be included in fedora-repos, or maybe to add a
> > check to make sure that they are identical in both packages.
> 
> bug 1246701 speaks just about old fedora keys, not about epel IIRC.
Oh, right, fedora-repos is only about Fedora repos and keys.

> > Regarding packaging:
> > - why not use a github tarball directly? It's much nicer than to force a git
> > clone and additional steps.
> 
> Because github tarball checksum was not stable in past (not sure if this
> changed recently). Also the URL is changing nearly each year. At least the
> URL we should use as suggested by Fedora Guidelines.
> And I do not use or create tar.gz at all. I just wrote
>   tito --srpm
> and it will craft (binary identical) tar.gz for me.
The tarballs are stable, and are actually recommended by the guidelines.
https://fedoraproject.org/wiki/Packaging:SourceURL#Git_Tags

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1272235] Review Request: distribution-gpg-keys - Keys of various Linux distributions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1272235

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

 CC||zbys...@in.waw.pl
   See Also||https://bugzilla.redhat.com
   ||/show_bug.cgi?id=1246701



--- Comment #1 from Zbigniew Jędrzejewski-Szmek  ---
https://bugzilla.redhat.com/show_bug.cgi?id=1246701 is about including more
Fedora keys in fedora-repos.

There's also https://apps.fedoraproject.org/packages/archlinux-keyring for
similar purpose.

I think it is very useful and increases security of various cross-distro
installation. I wonder though whether not to remove Fedora and EPEL keys from
this, since they will be included in fedora-repos, or maybe to add a check to
make sure that they are identical in both packages.

Regarding packaging:
- why not use a github tarball directly? It's much nicer than to force a git
clone and additional steps.

- GPL, seriously? I'm all for GPL, but in this case CC-0 seems a much better
choice. After all, this should be freely copied.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review