-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Justin
Justin Pryzby wrote: [...] | 1. Assert that every .orig.tar.gz which does not extract to | foo_ver.orig/ is identical to the one provided by upstream. [...] | 1 is a safety measure. It prevents people from using a nonoriginal | .orig, for example, to plant a trojan. It also acts as a check; of | course, every .orig should be original.
Not all .orig.tar.gz should be the same as upstream's because of licensing issues for example.
Cheers
Luk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCQb085UTeB5t8Mo0RAjYRAJ4shh6veAcpRoLhpGgcZtaDJslFagCff4l6 zWpgq8RDnsqvPiCoOxuFm5g= =tziB -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
