[
https://issues.apache.org/jira/browse/THRIFT-1439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16757974#comment-16757974
]
James E. King III commented on THRIFT-1439:
-------------------------------------------
I looked at our debian/control file and it looks like it's woefully out of
date... leaving this open.
> debian packaging: do not download dependencies during build
> -----------------------------------------------------------
>
> Key: THRIFT-1439
> URL: https://issues.apache.org/jira/browse/THRIFT-1439
> Project: Thrift
> Issue Type: Bug
> Components: Deployment
> Environment: any Debian-based OS
> Reporter: paul cannon
> Priority: Minor
> Labels: debian
>
> It is very much against Debian procedure and policy for a package build
> process to download dependencies from the internet. There are a lot of
> reasons for this; among them, guaranteed build repeatability, security
> auditability, non-reliance on websites remaining available, and license
> auditability.
> The thrift Debian packaging (in contrib/) should use Maven in offline mode,
> if Maven is actually required for the Java build phase. Build-dependencies
> should be expressed as a list of Debian packages under "{{Build-Depends:}}"
> in debian/control.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
