Build control-center in mock fail

Adam Williamson awilliam at redhat.com
Thu May 9 04:04:54 UTC 2013


On Wed, 2013-05-08 at 22:59 -0400, Nico Kadel-Garcia wrote:
> On Wed, May 8, 2013 at 1:02 PM, Adam Williamson <awilliam at redhat.com> wrote:
> > On 08/05/13 08:13 AM, Igor Gnatenko wrote:
> >>
> >> Thx. But why in oficially packages doesn't  fixed?
> >
> >
> > Does anyone know if it's actually the case that the guidelines require
> > packages be buildable without internet access? I just had a quick search on
> > obvious terms through https://fedoraproject.org/wiki/Packaging:Guidelines ,
> > and couldn't find anything.
> 
> There are huge security issues with downloading source at build time:
> someone who can manipulate your DNS or your proxies can get you
> downloading, building, and installing some arbitrarily contaminated
> source code. Also, repositories tend to evaporate or fail to publish
> specific releases in specific locations. so the module you download
> today may have nothing to do with the module of the same name that I
> download tomorrow.

Yes, I know that, thanks. I didn't ask for a lecture, but whether this
was actually written down in the guidelines somewhere.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net



More information about the devel mailing list