You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Each project SHOULD provide a list of all dependencies with their corresponding commits/revisions.
So:
it is known exactly which dependencies were used to build/implement a library/binary
automatic analysers checking backward compatibility can run over all Go packages to detect API violetions
it is known which commit/revision of each dependency are at least expected to be packaged in a distribution
Q: What to do if the snapshot is not upstream provided? A: Generated your own snapshot from which a Go project can be built (ability to build a project is more than nothing)
Q: What happens if the snapshot is not provided? A: A snapshot gets constructed based on the commit date of a Go project (looking for the commits of dependencies that are at most up to the date)
The text was updated successfully, but these errors were encountered:
While that would be nice to have this belongs more in general rpm tooling IMHO (and even Go projects can have non-Go deps that influence the build result).
Right now all the elements used by a build are logged and traced by koji. If that is not enough for your needs we probably need to work with koji and rpm upstream to get the manifest of the build root written in a file and added to the srpm or a specific subpackage.
Each project SHOULD provide a list of all dependencies with their corresponding commits/revisions.
So:
Q: What to do if the snapshot is not upstream provided?
A: Generated your own snapshot from which a Go project can be built (ability to build a project is more than nothing)
Q: What happens if the snapshot is not provided?
A: A snapshot gets constructed based on the commit date of a Go project (looking for the commits of dependencies that are at most up to the date)
The text was updated successfully, but these errors were encountered: