| Message view | « Date » · « Thread » |
|---|---|
| Top | « Date » · « Thread » |
| From | Dirkjan Ochtman <dirk...@ochtman.nl> |
| Subject | Re: tracking upstream dependencies |
| Date | Fri, 26 Nov 2010 20:58:35 GMT |
On Fri, Nov 26, 2010 at 21:44, Noah Slater <nslater@apache.org> wrote: > But assuming we got this working, we face the problem of not being able to apply our own patches. Also, the software it downloads might have some bug in it that was introduced a week, day, or hour before the release was made. How would we defend ourselves against this? You pull a specific version tarball and check it against a checksum? Cheers, Dirkjan | |
| Mime |
|
| View raw message | |