Re: dehs will stop
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Justin
Justin Pryzby wrote:
[...]
| 1. Assert that every .orig.tar.gz which does not extract to
| foo_ver.orig/ is identical to the one provided by upstream.
[...]
| 1 is a safety measure. It prevents people from using a nonoriginal
| .orig, for example, to plant a trojan. It also acts as a check; of
| course, every .orig should be original.
Not all .orig.tar.gz should be the same as upstream's because of
licensing issues for example.
Cheers
Luk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCQb085UTeB5t8Mo0RAjYRAJ4shh6veAcpRoLhpGgcZtaDJslFagCff4l6
zWpgq8RDnsqvPiCoOxuFm5g=
=tziB
-----END PGP SIGNATURE-----
Reply to: