I've just finished another run of my sourcecheck script against all the Fedora devel packages.
What is that you might ask? It's a pretty basic shell script that does:
- Operates over a full Fedora CVS checkout (which you can get from: http://cvs.fedoraproject.org/webfiles/)
- For each package it runs 'spectool -g *.spec' to fetch any Source files that have a URI.
- It checks any downloaded sources against the 'sources' file in CVS (which has a md5 checksum of the package sources from the lookaside cache
- It generates a basic log line for that package about what happened
So, why would I do this? Because it notices problems that we should fix. If a source is no longer available at the URI in our package it should be updated. If source has changed upstream without a new version, upstream maintainers should be notified and the issue corrected. If some maintainer checked in sources that don't match the upstream project we should find out why. Imagine an end user looking at your spec file and trying to download sources for a package that they would like to contribute to, only to find that the URI is wrong.
This is the kind of thing that the AutoQA project should hopefully be able to take over at some point, but I'm happy to run my script until then. With AutoQA hopefully we can check this at spec/sources checkin time and stop the package update/import until the issue gets fixed. Until then we shall just have to clean things up as best we can.
So, if you maintain packages in Fedora, do take a minute to look for your name in
http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20100105.txt and fix up the Source URI's in any packages listed. It's the right thing to do.
EDITED TO ADD: Sigh. Looks like my devel checkout was from an old checkout, so some/many of the results here will not be current. I am re-running it again against the current devel packages and should have an updated list in a few days. ;( Sorry for the trouble.