https://bugzilla.redhat.com/show_bug.cgi?id=2386164 --- Comment #2 from David Auer <dreua@xxxxxxxxx> --- I think (2) has been resolved upstream. Any thoughts or comments on the other points? Especially on 3: Would you be willing to change that or would it be the duty of the reviewer to decide whether the current state is acceptable or not? (If so, why is necessary for this package?) I'm seeing commit based downloads like this in packages where there are no tagged versions upstream or whenever someone wants to build on a specific commit which isn't tagged. In those cases there usually is a date based string and part of the commit in the Release field of the package. That isn't the case here and I think the default would be to not reference any commits but just go with the tagged version in this case. (We store the tarball checksum in git and the tarball itself in dist-git so I don't see any reason to pin it to a git commit for security reasons or anything like that.) -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2386164 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202386164%23c2 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
