pkgsrc-Users archive
Re: "downloads during build" pkg fail reason
On Tue, Apr 23, 2019 at 07:43:53PM +0000, maya%netbsd.org@localhost wrote:
> On Tue, Apr 23, 2019 at 03:20:29PM +0530, Mayuresh wrote:
> > wip/py-chemlab has this:
> >
> > BROKEN= "downloads during build (distribute_setup.py)"
> >
> > What do we do in such situations anyway? There may have been such packages
> > before.
> >
> > What are the implications (to pkgsrc build process and to security etc) if
> > a package does so?
> >
> > Mayuresh
>
> We keep local copies of downloads and verify that they are the same as
> the time in the commit. It poses higher risk to the user if the files
> could be modified without us noticing. There have been cases of servers
> getting compromised for example.
Is there any example of a package where pkgsrc has dealt with this
situation?
Mayuresh