Re: [Rpm-maint] [rpm-software-management/rpm] RFE: drop rpmlib() poisoning from --short-circuit'ed binaries (Issue #3091)
I think we just see this a bit differently… I don't think it's "encouraging" to allow something to be done via an explicit option. The reason why I'd prefer to have no marking at all is that personally, most commonly I use short-circuit to do repeat builds while tweaking either the %install or %files sections or the Provies/Obsoletes/Conflicts sections and compare the results using `rpmdiff` and `diffoscope`. Injection of the marking is going to show up in those listings. Obviously it can be filtered out or ignored, but it's always an additional step to take, and it's be just more convenient to not have to do that. (Obviously, just a "watermark" is much better than the previous state where the rpms were not installable without `--nodeps`, making them unusable for many tests.) -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3091#issuecomment-2107348162 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFE: drop rpmlib() poisoning from --short-circuit'ed binaries (Issue #3091)
The bad is that it disagrees with rpm design philosophy where the package goes from a source to a binary in one uninterrupted reproducible (in a sense) go. It's of course possible to circumvent that in any number of ways, but encouraging it by making it easy is a whole can of worms. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3091#issuecomment-2107164699 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFE: drop rpmlib() poisoning from --short-circuit'ed binaries (Issue #3091)
Just a watermark would be much better than _status quo_. > There have been people wanting to distribute packages built with > short-circuit, just to shorten their build times basically. Actually, I don't think this would be so bad. There are countless ways in which somebody can mess up a package build. In particular, just put wrong files or badly compiled files in the package and there isn't much that the build system can do against that. If somebody is savvy enough to successfully set a build system that uses some form of caching and short-circuit, why would this be a problem? I think trying to prevent this is similar to trying to prevent somebody from using inappropriate build flags, i.e. not possible to actually implement and actually not useful. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3091#issuecomment-2107148807 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFE: drop rpmlib() poisoning from --short-circuit'ed binaries (Issue #3091)
> The whole idea of "prevent people from distributing them" doesn't make much > sense. You cannot build a package with --short-circuit "accidentally". It's a > very long option that you need to insert in the right place. And I guess > "otherwise" means "maliciously" here Obviously you can't use --short-circuit accidentally, the accident refers to distributing a binary built that way. Think of a lone developer uploading a binary built on their own system to the net for others to use. That's not as common these days as it once was, nowadays thankfully most people use actual build systems. The "otherwise" doesn't refer to malice, but ignorance. There have been people wanting to distribute packages built with short-circuit, just to shorten their build times basically. But 14 years later (7583fcc3416e5e4accf1c52bc8903149b1314145) and hopefully a bit wiser too: a gentler version would be simply to "watermark" short-circuited builds somehow. It doesn't have to be a install-breaking dependency, just something that you can check. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3091#issuecomment-2106778640 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint