Re: obsolete JavaScript packaging guidelines

On Mon, Aug 6, 2018 at 5:00 AM, Peter Pentchev <roam@xxxxxxxxxxx> wrote:
> On Mon, Aug 06, 2018 at 02:26:51AM +0300, Peter Pentchev wrote:

>> There is also another problem with fetching the needed libraries and
>> their dependencies from the network during the build: to quote Forrest
>> Gump, "you never know what you're going to get".  The main reason
>> I take part in packaging CPAN modules for Debian and I took part in
>> packaging them for FreeBSD before that is that this is the only way
>> to avoid unknown, unverified, and either buggy or malicious or both
>> code slipping onto the user's system.
>>
>> Apologies if it feels like I'm pointing out the obvious, but it feels
>> like it needs to be said.
>
> So how do people feel about an intermediate solution: have RPM packages
> of the libraries' source, but then have a mechanism for the applications
> to minimize/compress/pack them however they like at build time?
> TBH, I haven't done pretty much any JavaScript work (apart from a single
> Bootstrap application with a couple of jQuery callbacks to a PHP
> backend several years ago, but I don't think that should count), and
> I have no idea how difficult it would be to convert a build system
> that is used to fetching stuff from the online repositories to fetch it
> from local paths instead, but, if it is feasible, this feels right to
> me at least.
>
> G'luck,
> Peter


That's not an RPM solution, that's a webpack solution to teach it to
use local tarballs instead of grabbing things elsewhere. It's also
precisely what ant, maven, gradle, and python modules with pip do. So
it's a quite common approach.
_______________________________________________
packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx/message/7YGI6J6FGOK7WJMMUFZXXZ6SJVBHZKN7/



