Bug 463903

Summary: Source URL in spec file is wrong
Product: [Fedora] Fedora Reporter: Richard W.M. Jones <rjones>
Component: libjpegAssignee: Tom Lane <tgl>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: berrange, hhorak, matthias, tgl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-25 12:56:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Richard W.M. Jones 2008-09-25 08:30:20 UTC 
The spec file contains this source URL:
  Source0: ftp://ftp.uu.net/graphics/jpeg/jpegsrc.v6b.tar.bz2
However, this file is missing.  It appears the extension should
be '.gz' instead.
Comment 1 Tom Lane 2008-09-25 12:00:01 UTC 
Well, the reason it says bz2 is that some previous maintainer of the package decided to repack gz to bz2, I suppose to make the SRPM smaller.  Doesn't really seem worth changing it to me ...
Comment 2 Daniel Berrangé 2008-09-25 12:13:29 UTC 
The bz2 is not an official upstream source archive though - its some custom re-spin job by the original RHL maintainer. All Fedora packages should be using the pristine upstream source unless there's specific code we need to remove for legal reasons.

  http://fedoraproject.org/wiki/Packaging/ReviewGuidelines

"- MUST: The sources used to build the package must match the upstream source, 
   as provided in the spec URL. Reviewers should use md5sum for this task. If no 
   upstream URL can be specified for this package, please see the  Source URL 
   Guidelines for how to deal with this."


The specific reason why we noticed this problem is that we run automated tools on MinGW packages to verify that their contents match the corresponding native packages. MinGW libjpeg source matches upstream, and hence our integrity reports flagged up this problem in native package of not using a verifiable upstream source.
Comment 3 Richard W.M. Jones 2008-09-25 12:14:40 UTC 
It's kind of important for MinGW, because we are basing our
mingw32-libjpeg package off this one, using automated tools
to routinely compare the differences in the specfiles.

Either our tools will warn about this bug, or we'll get
a Source-URL bug filed against our package too.

I don't mind making the change if I have commit access.
Comment 4 Tom Lane 2008-09-25 12:56:44 UTC 
OK, done in HEAD.
Comment 5 Matthias Saou 2008-12-22 21:52:44 UTC 
Note that I had already fixed this a long time ago in bug #226032 (the merge review). I'm updating the patch in that report right now, and I'd appreciate if the current libjpeg maintainer could have a quick look at it.