[OE-core] [PATCH 4/8] logrotate: replace fedorahosted.org SRC_URI with yoctoproject.org source
Jussi Kukkonen
jussi.kukkonen at intel.com
Mon Apr 3 08:30:21 UTC 2017
On 3 April 2017 at 10:53, Choong, Yin Thong <yin.thong.choong at intel.com>
wrote:
> Hi,
>
> The link seem like create by an individual, no a company or group.
> Therefore, we decide to drop this link and go for yoctoproject.org/mirror.
>
This is true, there's not that much in the repo itself to create trust. The
major show of trust is here though:
http://pkgs.fedoraproject.org/cgit/rpms/logrotate.git/commit/?id=9cb55142e51b82085d6c3136448c1f441454e351
Fedora/Red Hat themselves changed to use this repo when the fedorahosted
repos were EOL'd (see also Red Hat folks working on the github issues in
January).
If the release tarballs have been re-generated and the hashes no longer
match, I'd still prefer modifying the recipe to use github (after manually
diffing to make sure they are the same source release of course) but I can
understand a differing viewpoint in this case.
It would be good to mention the issue in the commit message, whichever way
this is solved.
Thanks,
Jussi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20170403/071cd9d7/attachment-0002.html>
More information about the Openembedded-core
mailing list