On Saturday 27 August 2005 04:38, Junichi Uekawa wrote: > Hi, Hello,
> > dpatch-get-origtargz should provide a way to do sum checking > > (md5, sha1) to ensire that the contents of upstream file was has not been > > silently changed for some reason keeping the same file name. > > > > I suggest that dpatch-get-origtargz accept options for exact url to > > download the tarball from (since the one provided in watch file might not > > be reliable when patterned) and checksum to verify against. > > Patch welcome. Well I can try when time permits. > Shouldn't be too hard ti implement what you say; but I am doubtful if it's > really feasible or easy to maintain the hash sum on developer side. The dpatch-get-origtargz script should have a mechenism to provide a hashsum verification, not the sums themselves, which will be provided by the packager. E.g.: dpatch-get-origtargz <origtardir> <exact_url> <hashsum> I think this could be called from debian/rules to bootstrap the fetch and the build at once. -- pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu> fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
