Tim, It is not just an open source thing. In our world we can't build on the production servers with arbitrary binaries in the tree. We have to file paper work to get an exemption, and given we can build the tools in our source base the answer would always be don't check in the binary.
I would assume that a given EFI team at company X could always build and check-in tools binaries as part of their source control repo. But it would be good if that was easy and documented. I'd also point out worse case this is all open source so another project could always provide tools snapshots.... Thanks, Andrew Fish > On Mar 8, 2018, at 1:36 PM, Tim Lewis <tim.le...@insyde.com> wrote: > > Laszlo, Erik -- > > I understand this dislike from some open source developers. I respect that > and am glad that EDK2 provides a way to accommodate this preference. But > "most" is a strong term. I would venture to say that a good number (and > probably the majority) of the people using EDK2-derived code and tools are > fine with the current situation. > > The only reason I would have Python on most of my company's dev systems would > be for EDK2. Since (a) the current system is working and (b) since the > possibility for rebuild is available for those who want it, it doesn't weigh > heavily enough IMO to change the current situation. > > Regards, > > Tim > > -----Original Message----- > From: Laszlo Ersek <ler...@redhat.com> > Sent: Thursday, March 8, 2018 1:19 PM > To: Tim Lewis <tim.le...@insyde.com>; 'Bjorge, Erik C' > <erik.c.bjo...@intel.com>; edk2-devel@lists.01.org > Subject: Re: [edk2] RFC: Proposal to halt automatic builds of Windows > BaseTools executables > > On 03/08/18 19:05, Tim Lewis wrote: >> Erik -- >> >> What is the justification? Moving from more immediately usable to less >> immediately usable doesn't seem, on the surface, to be a good direction. >> Why not go the other direction and pre-build the binaries for the >> other environments? > > I'd just like to offer one data point for the last question: most open source > developers *really* dislike running any native binaries that were built by > neither (a) themselves nor (b) the provider of their OS distribution. > > To give you an example for (b), Fedora provides the "edk2-tools" package > (built from the "edk2" source package), and "edk2-tools" definitely installs > native binaries: > > https://koji.fedoraproject.org/koji/rpminfo?rpmID=13354362 > > The difference is that these binaries were built in a build environment that > matches the rest of Fedora [*] and is generally trusted by Fedora users. > > [*] For example, binaries could be instrumented for security purposes > system-wide; some buffer overflows in a native (C) application could be > caught automatically as a result. > > Thanks, > Laszlo > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
