perhaps during submission sources could be checked against .asc or .sig files. and actually, i donno if this is feasible or not, perhaps upload could be done during submission step as well? (sources who are url format). for big source files and upload step this could be helpful.
what would be the use of this ?
CC: (none) => boklm
imo: if you have a huge source file and a slow upload internet, it could be beneficial to have the servers in datacenter fetching the missing files themselves. in fact updating to a newer version, could maybe even delete the old and upload the new one in the submit step. I'm not saying it's important, it isn't, but it could be nice.
Priority: Normal => Low
I was talking about checking .asc or .sig files.
oh, doublechecking if the source is actually correct and rejecting submission if it is not.
For download of files directly on the server, I was thinking about adding this as an option in mgarepo sync, with the new binrepo (to pass an URL instead of a file on stdin). But it seems I was too lazy and did not do it. And now I am no longer in sysadmin. But someone else can do it.
(In reply to comment #4) > oh, doublechecking if the source is actually correct and rejecting submission > if it is not. We already have the sha1 to check that the source is correct. And we cannot know which key to use to check the signature files.
hmm, you have a point there...
pinging. because nothing happened to this report since more than 3 months ago, and it still has the status NEW @ AL13N Maybe I didn't read attentively enough, but is it correct that this report isn't about checking submission sources against .asc or .sig files any more? If so, please adjust the summary of this bug to what it should be, or close it if there is no issue left to fix :)
CC: (none) => marja11
(In reply to comment #6) > (In reply to comment #4) > > oh, doublechecking if the source is actually correct and rejecting submission > > if it is not. > > We already have the sha1 to check that the source is correct. And we cannot > know which key to use to check the signature files. they are correct between the link of packager and submission, but not from upstream. but otoh, packager needs to check this anyway, so that's sort only useful for a very tiny percentage... changing it to what this is about now: what would be really beneficial is a mgarepo command that works like this: []$ mgarepo getupstream 1.12.3 modifies spec file, gets newer sources and deletes old sources, makes everything ready for commit. perhaps this could indeed be a sync option, or just separate...
Summary: handling of .asc (or .sig) files (and perhaps url sources in general) => nice handling of url sources when getting new version
You can already modify the spec file for the new version, then run mgarepo sync -d to download the new files.
ah, ok, then this is sufficient for me; closing issue as resolved (does it delete the old ones too?)
Status: NEW => RESOLVEDResolution: (none) => FIXED
CC: boklm => (none)