You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "James E. King III (JIRA)" <ji...@apache.org> on 2019/01/07 21:06:00 UTC
[jira] [Updated] (THRIFT-1439) debian packaging: do not download
dependencies during build
[ https://issues.apache.org/jira/browse/THRIFT-1439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King III updated THRIFT-1439:
--------------------------------------
Priority: Minor (was: Major)
> debian packaging: do not download dependencies during build
> -----------------------------------------------------------
>
> Key: THRIFT-1439
> URL: https://issues.apache.org/jira/browse/THRIFT-1439
> Project: Thrift
> Issue Type: Bug
> Components: Deployment
> Environment: any Debian-based OS
> Reporter: paul cannon
> Priority: Minor
> Labels: debian
>
> It is very much against Debian procedure and policy for a package build process to download dependencies from the internet. There are a lot of reasons for this; among them, guaranteed build repeatability, security auditability, non-reliance on websites remaining available, and license auditability.
> The thrift Debian packaging (in contrib/) should use Maven in offline mode, if Maven is actually required for the Java build phase. Build-dependencies should be expressed as a list of Debian packages under "{{Build-Depends:}}" in debian/control.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)