On quinta-feira, 16 de junho de 2016 11:29:03 PDT Philippe Coval wrote: > On Thu, Jun 16, 2016 at 9:04 AM, Thiago Macieira <thiago.macieira at > intel.com> > wrote: > > On quarta-feira, 15 de junho de 2016 19:55:05 PDT Gregg Reynolds wrote: > > > There's nothing wrong in principle with downloading dependencies; it all > > > depends on how seamlessly you do it > > About deps there is something that might require manual setup for OSX : > > https://build.iotivity.org/ci/job/Verify-Iotivity-OSX/9012/ > > https://gerrit.iotivity.org/gerrit/#/q/status:open+project:iotivity+branch:1 > .1-rel > > IMHO, expecting manual intervention from user or sysadmins, is adding more > risk of randomness.
Yes. But required. I guess sysadmins much prefer to control what gets downloaded and installed than not, even if it means a little more work. Work that is done once and forever. > Note that the whole yocto project is fetching deps and storing them in a > cache, > maybe we could setup an share a such archive to ensure the builds will be > reproducible in future. Yes, but that's *Yocto* doing that, using the recipe files that Yocto provides. That means it controls the Bill of Material, it will add all the necessary licences to the licence summary, it will create the necessary packages, etc. Our Scons downloads will do none of that. Don't underestimate this work. Even BSD-licensed software often has the "reproduce this copyright in the documentation" requirement, which means someone must collate all the copyrights that need to be listed. Does our Scons build do that? No? Then don't download. We can provide the SPDX information of what packages we need and if a tool like Yocto's can consume it, great. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center
