On 06/18/2010 02:57 PM, Keir Fraser wrote:
> On 18/06/2010 13:10, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>
>> So, I downloaded xen-3.4.3.tar.gz from fedora mirror (using their
>> original Makefile for RPM building), and diffed the two versions --
>> changes (cosmetic cleanup mostly) are innocent, but, hey, why would
>> anybody do such a thing? After all, we would expect only one version of
>> xen-XXX.tar.gz, right? Patches should be the proper way for customizing
>> tarballs for packaging, no?
>>
>> Or am I missing something?
>
> Well, I think this and your other point have one simple answer. If I wanted
> the maximum possible confidence in the bits I was building, I would obtain
> them from the original source, as it were. In this case that means, for
> example:
> # hg clone -r RELEASE-3.4.3 http://xenbits.xensource.com/xen-3.4-testing.hg
> If you want your own tarball for some reason:
> # hg archive -t tgz xen-3.4.3.tar.gz
>
> It doesn't seem very hard to me. I maintain the repo and sign the releases
> myself.
But you *do* publish sigs for Xen 4:
http://bits.xensource.com/oss-xen/release/4.0.0/xen-4.0.0.tar.gz.sig
So, why can't you do the same for the 3.4.3 tarball?
Sure, I could use hg in my RPM Makefile, but this would require me to
install hg first; also, I think the download takes longer than fetching
a simple tarball would, and it requires creating a tmp directory that
later must be removed.
> Downloading tarballs from Fedora, or even from our own xen.org
> website, introduces more people between you and me. And it seems you
> very likely care about that.
>
From the security point of view it doesn't matter, as long as both are
signed by one of the keys signed by xen.org.
j.
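As an added example (not part of the thread, and not xen.org's own tooling): the check the discussion above implies, namely that a release tarball is not merely "signed" but signed by a key you have decided to trust. gpg --verify exits 0 for a good signature from any key in the keyring, whatever its trust, so the script below parses gpg's --status-fd output for the VALIDSIG line and compares the signing-key and primary-key fingerprints against an explicit allow-list. The keyring path and the fingerprints are placeholders, not the real xen.org release keys; the status lines used for the self-check are constructed.

```sh
#!/bin/sh
# Added example, not from the thread: verify a detached OpenPGP signature on
# a release tarball against an allow-list of signer fingerprints.
#
# Assumptions (placeholders, not stated in the thread): the keyring file
# ./xen-release.gpg holds only the release-signing keys you imported on
# purpose, and the fingerprint(s) passed in were checked out of band.

# check_validsig STATUS_FILE FPR...
# Read gpg --status-fd output and return 0 only if a VALIDSIG line names one
# of the allowed fingerprints, either as the signing (sub)key fingerprint
# (third field) or as the primary key fingerprint (last field). This is the
# step that ties "a good signature" to "a signature from whom we expect".
check_validsig() {
    status_file=$1; shift
    while read -r tag kind fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        [ "$kind" = "VALIDSIG" ] || continue
        primary=${rest##* }          # last field: primary key fingerprint
        for allowed in "$@"; do
            if [ "$fpr" = "$allowed" ] || [ "$primary" = "$allowed" ]; then
                return 0
            fi
        done
    done < "$status_file"
    return 1
}

# verify_tarball TARBALL SIG KEYRING FPR...
# Run gpg against the dedicated keyring only (--no-default-keyring), capture
# the machine-readable status stream, then apply check_validsig.
verify_tarball() {
    tarball=$1; sig=$2; keyring=$3; shift 3
    status=$(mktemp) || return 1
    if ! gpg --no-default-keyring --keyring "$keyring" --status-fd 1 \
            --verify "$sig" "$tarball" >"$status" 2>/dev/null; then
        rm -f "$status"
        echo "BAD: signature on $tarball did not verify" >&2
        return 1
    fi
    if check_validsig "$status" "$@"; then
        rm -f "$status"
        echo "OK: $tarball carries a signature from an allow-listed key"
        return 0
    fi
    rm -f "$status"
    echo "BAD: good signature on $tarball, but not from an allow-listed key" >&2
    return 1
}

# Stand-alone use (fingerprint is a placeholder):
#   sh verify-release.sh xen-3.4.3.tar.gz xen-3.4.3.tar.gz.sig \
#       ./xen-release.gpg 0000000000000000000000000000000000000000
if [ "$#" -ge 4 ]; then
    verify_tarball "$@"
fi
```

The same allow-list check applies whether the tarball came from xen.org, from a distribution mirror, or from your own hg archive of the tagged revision; the only thing that changes is which key you expect to see in VALIDSIG.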
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel