On 3 April 2017 at 09:30, Jussi Kukkonen <jussi.kukkonen@intel.com> wrote:

> This is true, there's not that much in the repo itself to create trust.
> The major show of trust is here though: http://pkgs.fedoraproject.org/
> cgit/rpms/logrotate.git/commit/?id=9cb55142e51b82085d6c3136448c1f
> 441454e351
> Fedora/Red Hat themselves changed to use this repo when the fedorahosted
> repos were EOL'd (see also Red Hat folks working on the github issues in
> January).
>

So logrotate was originally hosted on Fedora infrastructure that is then
shut down, a github repository appears and Fedora fetch from that github
repository.  Also the commit in the github repository to change the README
from fedorahosted to github (
https://github.com/logrotate/logrotate/commit/09c4fa8bc6cf2c01bad24d33c3ea69371030c014)
was committed by a Red Hat employee (https://github.com/kdudka).

Whilst there are many official-looking forks on github that are just Some
Guy, this is clearly the new canonical home.

Ross