On 3/26/11 12:44 PM, Lamar Owen wrote: > > Les, the upstream source RPMs aren't even the "source source" for the upstream build; SRPMS are just a by product of the build of the binaries from source in an SCM (managed by Red Hat's koji), and in theory, given the same identical environment that built the upstream binaries they will re-build to the same binary. The environment is the hard thing to replicate, since it is a moving target, and each build changes it slightly. It's questionable if upstream could exactly replicate it from their own source RPM's without significant effort (that is, outside of koji). I don't see how you could miss if you did a 2nd rebuild where the libraries populating the build environment are the product of the source you are shipping (correct dependency listings or not). Or how you can claim to be shipping source that matches your binaries if you don't do it that way. Does an rpmbuild --rebuild of one of the packages in question on a stock RH system create a binary that would fail the CentOS QA? -- Les Mikesell lesmikesell at gmail.com