7 Jul
2014
7 Jul
'14
9:01 a.m.
hi,
given that srpms contain upstream tarballs, in most cases directly linked from upsream; I wonder if its worth while setting up a service that can track git commits, extract the urls for our lookaside tarballs and compare them with the upstream projects's release tarballs.
this would be a great addition to the ci.dev.centos.org infra, and could add another data point to the 'can-we-trust-this' mindset.
- KB
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc