On Wed, 2013-05-08 at 22:59 -0400, Nico Kadel-Garcia wrote: > On Wed, May 8, 2013 at 1:02 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote: > > On 08/05/13 08:13 AM, Igor Gnatenko wrote: > >> > >> Thx. But why in oficially packages doesn't fixed? > > > > > > Does anyone know if it's actually the case that the guidelines require > > packages be buildable without internet access? I just had a quick search on > > obvious terms through https://fedoraproject.org/wiki/Packaging:Guidelines , > > and couldn't find anything. > > There are huge security issues with downloading source at build time: > someone who can manipulate your DNS or your proxies can get you > downloading, building, and installing some arbitrarily contaminated > source code. Also, repositories tend to evaporate or fail to publish > specific releases in specific locations. so the module you download > today may have nothing to do with the module of the same name that I > download tomorrow. Yes, I know that, thanks. I didn't ask for a lecture, but whether this was actually written down in the guidelines somewhere. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
