On Wed, May 8, 2013 at 1:02 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote: > On 08/05/13 08:13 AM, Igor Gnatenko wrote: >> >> Thx. But why in oficially packages doesn't fixed? > > > Does anyone know if it's actually the case that the guidelines require > packages be buildable without internet access? I just had a quick search on > obvious terms through https://fedoraproject.org/wiki/Packaging:Guidelines , > and couldn't find anything. There are huge security issues with downloading source at build time: someone who can manipulate your DNS or your proxies can get you downloading, building, and installing some arbitrarily contaminated source code. Also, repositories tend to evaporate or fail to publish specific releases in specific locations. so the module you download today may have nothing to do with the module of the same name that I download tomorrow. This is one of the absolute banes of all the "grab and build it when you need it and only when you need it" approaches, such as CPAN, rubygems, and maven. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
