[Buildroot] [PATCH v5 0/3] Add tainting support to buildroot

Arnout Vandecappelle arnout at mind.be
Thu Nov 1 12:14:10 UTC 2018


 Hi Angelo,

On 06/09/18 00:22, Angelo Compagnucci wrote:
> Packages that need to resolve dependencies internally
> and use a package manager would harm the reproducibility
> of a build, moreover they escape the legal infrastructure
> not giving enough information on licensing.
> 
> This patch adds a tainting mechanism in the form of a
> variable FOO_TAINTS that can be used to signal that
> a package harms the reproducibility or licensing under
> certain conditions.

 We had a discussion about this at the BR developer meeting, and we decided that
the taints mechanism is not worth it. As noted by Yann, it can only ever be used
for a warning, not to block anything, because there are ways to do the right
thing for e.g. BR2_REPRODUCIBLE.

 And if it is just a warning, then it can just be included in the help text of
the Config.in option. Or, if we want to make it stronger, a conditional comment.


> This opens the door to include per language dependency
> managers in buildroot.

 To be honest (not discussed, so purely my personal opinion), maybe we should
just relax our opposition against language package managers. Yes, there are
those 7 points (which I still haven't added to the documentation, shame on me)
but that doesn't mean it's entirely blocking.

 I hope I haven't opened a box of Pandora by saying this :-)

 Regards,
 Arnout

