Build control-center in mock fail

David dgboles at
Thu May 9 03:05:36 UTC 2013

On 5/8/2013 10:59 PM, Nico Kadel-Garcia wrote:
> On Wed, May 8, 2013 at 1:02 PM, Adam Williamson <awilliam at> wrote:
>> On 08/05/13 08:13 AM, Igor Gnatenko wrote:
>>> Thx. But why isn't it fixed in the official packages?
>> Does anyone know if it's actually the case that the guidelines require
>> packages be buildable without internet access? I just had a quick search on
>> obvious terms through ,
>> and couldn't find anything.
> There are huge security issues with downloading source at build time:
> someone who can manipulate your DNS or your proxies can get you
> downloading, building, and installing some arbitrarily contaminated
> source code. Also, repositories tend to evaporate or fail to publish
> specific releases in specific locations. so the module you download
> today may have nothing to do with the module of the same name that I
> download tomorrow.
> This is one of the absolute banes of all the "grab and build it when
> you need it and only when you need it" approaches, such as CPAN,
> rubygems, and maven.

You forgot to mention the evil monkey that lives in your closet or the
monster that lives under your bed or the things that go bump in the
night. :-)


