thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James E. King III (JIRA)" <>
Subject [jira] [Commented] (THRIFT-1439) debian packaging: do not download dependencies during build
Date Fri, 01 Feb 2019 05:08:00 GMT


James E. King III commented on THRIFT-1439:

I looked at our debian/control file and it looks like it's woefully out of date... leaving
this open.

> debian packaging: do not download dependencies during build
> -----------------------------------------------------------
>                 Key: THRIFT-1439
>                 URL:
>             Project: Thrift
>          Issue Type: Bug
>          Components: Deployment
>         Environment: any Debian-based OS
>            Reporter: paul cannon
>            Priority: Minor
>              Labels: debian
> It is very much against Debian procedure and policy for a package build process to download
dependencies from the internet. There are a lot of reasons for this; among them, guaranteed
build repeatability, security auditability, non-reliance on websites remaining available,
and license auditability.
> The thrift Debian packaging (in contrib/) should use Maven in offline mode, if Maven
is actually required for the Java build phase. Build-dependencies should be expressed as a
list of Debian packages under "{{Build-Depends:}}" in debian/control.

This message was sent by Atlassian JIRA

View raw message