On 02/09/2017 12:53 PM, Johnny Hughes wrote: > On 02/09/2017 12:50 PM, Leonard den Ottolander wrote: >> Hello John, >> >> On Thu, 2017-02-09 at 16:33 +0000, John Hodrien wrote: >>> On Thu, 9 Feb 2017, Leonard den Ottolander wrote: >>> >>>> How about my request for checksums in the git repo? >>> >>> What checksums would you actually want in git? >> >> SRPMS are signed which allows the integrity of the contents to be >> checked. Such an integrity check is missing from the git repo. >> >> Either a checksum file for each file or a single checksums file per >> package/release holding all checksums for all files of said >> package/release (including the tarballs that are downloaded with >> get_sources.sh). >> >> Regards, >> Leonard. >> > > Red Hat exports the source code to the repo, I don't think they are > going to change what the put in. It is an extracted SRPM. At the time of extraction, the <name>.metadata file is created (again, not by us, but by the Red Hat team that distributes source), and all the non-text sha1sums are in there as well as all the text sources. You can see who modifies any of those files (the text sources and the text <name>.metadata file). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20170209/e608ce0f/attachment-0004.sig>