> >1. There are two possible packaging schemes
> > a. Keep only original .xpi in the .orig.tar.gz, and extract/dpatch it
> > at build time.
> > b. Keep unzipped .xpi in .orig.tar.gz.
> > I was going the b. way but now I think that keeping original .xpi
> > would be better
> I'm no DD, but I would say (a) is nicer because then a checksum can be verified more easily.
:-) Actually this is the only way the checksum can be verified ;-) as
soon as you extract it, there is no way (besides downloading xpi,
extracting and md5suming all the files) to verify the authenticity of
upstream release.
This is what I think and that is why I would like to move over keeping
original .xpi. And the question is did anyone done it proper way to
automate it with uscan + svn-upgrade... :-)
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
Attachment:
pgppGHLRQv6Qj.pgp
Description: PGP signature