pkgsrc-Users archive


Re: "downloads during build" pkg fail reason



On Tue, Apr 23, 2019 at 03:20:29PM +0530, Mayuresh wrote:
> wip/py-chemlab has this:
> 
> BROKEN=                "downloads during build (distribute_setup.py)"
> 
> What do we do in such situations anyway? There may have been such packages
> before.
> 
> What are the implications (to pkgsrc build process and to security etc) if
> a package does so?
> 
> Mayuresh

We keep local copies of downloads and verify that they are the same as
the time in the commit. It poses higher risk to the user if the files
could be modified without us noticing. There have been cases of servers
getting compromised, for example.
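
The check described in the reply above, as an added example that is not part of the original message and not pkgsrc's own code: a fetched file is compared against the size and digest recorded at commit time, and a file with no recorded entry is rejected. The line format follows pkgsrc `distinfo` files; the file name `example-1.0.tar.gz`, its contents, and the helper names `parse_distinfo` and `verify` are constructed for illustration.

```python
import hashlib
import re

# distinfo-style lines: "ALGO (file) = hexdigest" and "Size (file) = N bytes"
LINE = re.compile(r"^(\w+) \((.+?)\) = (\S+)(?: bytes)?$")
# distinfo digest label -> hashlib name (subset chosen for this example)
SUPPORTED = {"SHA256": "sha256", "SHA512": "sha512", "BLAKE2s": "blake2s"}

def parse_distinfo(text):
    """Return {filename: {"Size": int, "<ALGO>": hexdigest, ...}}."""
    records = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # RCS tag line, blank lines
        field, name, value = m.groups()
        records.setdefault(name, {})[field] = (
            int(value) if field == "Size" else value.lower())
    return records

def verify(name, data, records):
    """Return a list of problems; an empty list means the file is as recorded."""
    rec = records.get(name)
    if rec is None:
        # A file fetched by the build itself has no entry: nothing to compare to.
        return [f"{name}: no recorded checksum"]
    problems = []
    for field, expected in rec.items():
        if field == "Size":
            actual = len(data)
        elif field in SUPPORTED:
            actual = hashlib.new(SUPPORTED[field], data).hexdigest()
        else:
            problems.append(f"{name}: unsupported digest {field}")
            continue
        if actual != expected:
            problems.append(f"{name}: {field} mismatch")
    if not any(f in SUPPORTED for f in rec):
        problems.append(f"{name}: no usable digest recorded")
    return problems

# Constructed sample data: a "distfile" and the entry recorded when it was committed.
SAMPLE = b"constructed distfile contents\n"
DISTINFO = (
    "$NetBSD$\n\n"
    f"SHA512 (example-1.0.tar.gz) = {hashlib.sha512(SAMPLE).hexdigest()}\n"
    f"Size (example-1.0.tar.gz) = {len(SAMPLE)} bytes\n"
)
```
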

