Build control-center in mock fail
nkadel at gmail.com
Fri May 17 02:48:05 UTC 2013
On Thu, May 9, 2013 at 12:12 AM, Rahul Sundaram <metherid at gmail.com> wrote:
> On Thu, May 9, 2013 at 12:04 AM, Adam Williamson wrote:
>> Yes, I know that, thanks. I didn't ask for a lecture, but whether this
>> was actually written down in the guidelines somewhere.
> It is not written down as policy and since the tools themselves enforce
> this, I don't think it has been needed
Which tool enforces this? Unless the toolkit for the build
environments is completely isolated from the Internet and uses only
disk access or local VLAN for it's access to source file repositories,
this can be very difficult to enforce. I'll admit I've not tried
taking koji's source apart to verify this behavior. But I continue to
run across Java based SRPM's that use "maven" and wind up with broken
URL's or insufficiently specific URL's that just grab the latest
modules from their relevant upstream repo. And I've even encountering
SRPM's in private use that do "wget" pulls for source code as part of
the build process. I even job interviewed for an open source project
last year that did "git clone [github master repo]" clones to obtain
their source code.
It would make my life easier to have a stated policy I can point
packagers to in the wide world. Please?
More information about the devel