On Wed, Mar 23, 2005 at 08:02:20PM +0100, Luk Claes wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Justin > > Justin Pryzby wrote: > [...] > | 1. Assert that every .orig.tar.gz which does not extract to > | foo_ver.orig/ is identical to the one provided by upstream. > [...] > | 1 is a safety measure. It prevents people from using a nonoriginal > | .orig, for example, to plant a trojan. It also acts as a check; of > | course, every .orig should be original. > > Not all .orig.tar.gz should be the same as upstream's because of > licensing issues for example. If it is not the original .orig, then it should extract to foo-ver.orig/, as recommended by debref.
Justin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
