Build control-center in mock fail

Nico Kadel-Garcia nkadel at gmail.com
Fri May 17 02:48:05 UTC 2013


On Thu, May 9, 2013 at 12:12 AM, Rahul Sundaram <metherid at gmail.com> wrote:
> Hi
>
>
> On Thu, May 9, 2013 at 12:04 AM, Adam Williamson wrote:
>>
>>
>>
>> Yes, I know that, thanks. I didn't ask for a lecture, but whether this
>> was actually written down in the guidelines somewhere.
>
>
> It is not written down as policy and since the tools themselves enforce
> this, I don't think it has been needed
>
> Rahul

Which tool enforces this? Unless the toolkit for the build
environments is completely isolated from the Internet and uses only
disk access or local VLAN for it's access to source file repositories,
this can be very difficult to enforce. I'll admit I've not tried
taking koji's source apart to verify this behavior. But I continue to
run across Java based SRPM's that use "maven" and wind up with broken
URL's or insufficiently specific URL's that just grab the latest
modules from their relevant upstream repo. And I've even encountering
SRPM's in private use that do "wget" pulls for source code as part of
the build process. I even job interviewed for an open source project
last year that did "git clone [github master repo]" clones to obtain
their source code.

It would make my life easier to have a stated policy I can point
packagers to in the wide world. Please?


More information about the devel mailing list