couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <nsla...@apache.org>
Subject Re: tracking upstream dependencies
Date Fri, 26 Nov 2010 21:15:00 GMT

On 26 Nov 2010, at 20:58, Dirkjan Ochtman wrote:

> On Fri, Nov 26, 2010 at 21:44, Noah Slater <nslater@apache.org> wrote:
>> But assuming we got this working, we face the problem of not being able to apply
our own patches. Also, the software it downloads might have some bug in it that was introduced
a week, day, or hour before the release was made. How would we defend ourselves against this?
> 
> You pull a specific version tarball and check it against a checksum?

If we have a checksum, what's the point?

Why not just include the original source the checksum is taken from?
Mime
View raw message