| 1 |
On Tue, Mar 31, 2020 at 09:18:32PM -0400, Michael Orlitzky wrote: |
| 2 |
> On 3/31/20 8:48 PM, Samuel Bernardo wrote: |
| 3 |
> > |
| 4 |
> > My question started with the network sandbox issue when we need to load |
| 5 |
> > external code dependencies. For example, a go project will download all |
| 6 |
> > dependencies from git repositories that will happen after src_unpack. In |
| 7 |
> > this case I need to add an additional tar.gz with that code along with |
| 8 |
> > the software release tar.gz. |
| 9 |
Samuel: |
| 10 |
I already proved that using go-module.eclass EGO_SUM it will NOT use Git |
| 11 |
repositories, and all of the fetching will happen long before |
| 12 |
src_unpack. Why do you persist with your statement to the contrary? |
| 13 |
|
| 14 |
> > That additional tar.gz needs to be stored somewhere and as I understand |
| 15 |
> > local mirror could be the right place. |
| 16 |
> |
| 17 |
> Normally we don't bundle dependencies, avoiding that problem entirely. |
| 18 |
> The Go eclasses however are badly designed, committed against protest by |
| 19 |
> paid corporate interests, and serve only to facilitate large-scale |
| 20 |
> copyright infringement and security vulnerabilities. If you're looking |
| 21 |
> for a consistent explanation of how they're supposed to work with the |
| 22 |
> rest of Gentoo, you won't find one. |
| 23 |
mjo: Can you please substantiate your claims? |
| 24 |
|
| 25 |
It would have been nice to have heard your concerns during February, any |
| 26 |
of one the three times that William and I posted the go-module.eclass |
| 27 |
EGO_SUM development work for review on this mailing list. I don't see a |
| 28 |
single email from you during that entire period. |
| 29 |
|
| 30 |
The EGO_SUM support explicitly ensured that upstream distfiles (for each |
| 31 |
dependency) remained absolutely as upstream provided them, without |
| 32 |
merging the distfiles together or altering their content in way (I admit |
| 33 |
that the exact naming of the distfiles changed, because it was terrible, |
| 34 |
v0.0.0-20190311183353-d8887717615a.zip for example). |
| 35 |
|
| 36 |
-- |
| 37 |
Robin Hugh Johnson |
| 38 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
| 39 |
E-Mail : robbat2@g.o |
| 40 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 41 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives