From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v5 0/3] Add tainting support to buildroot
Date: Sun, 9 Sep 2018 16:20:19 +0200 [thread overview]
Message-ID: <20180909142019.GK2841@scaer> (raw)
In-Reply-To: <CA+_SqVafj+DAsaBtSPJkf2bwbmh_3JojRjBrzG0oT6GduKTG4g@mail.gmail.com>
Angelo, All,
On 2018-09-09 14:44 +0100, Angelo Compagnucci spake thusly:
> On Sun, Sep 9, 2018 at 2:33 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> > On 2018-09-09 13:25 +0100, Angelo Compagnucci spake thusly:
> > > On Sun, Sep 9, 2018 at 1:10 PM Thomas Petazzoni
> > > <thomas.petazzoni@bootlin.com> wrote:
> > [--SNIP--]
> > > Thomas said evrithing exceptionally well, but I would like to
> > > underling another thing: automated building infrastructures like
> > > continuos integration.
> > >
> > > If a project hasa nedd of reproducibility, the countinous integration
> > > could check if a random developer introduced something not
> > > reproducible and mark the build as invalid. I think this is really a
> > > big plus of this solution.
> >
> > I do understand the concern, trust me, I do.
> >
> > What I am saying is that the solution you propose will not allow that,
> > because there is no way to decide whether a specific .config is or is
> > not reproducible, as per the examples I provided in the nodejs case.
> >
> > If a build is imprperly marked as tainted, then users will just
> > disregard that information and never consult it, and just not use it in
> > their automated buildsystemsd (jenkins, gitlab-ci, whatever). And even
> > if they do have a job doing the check, that job can detect a change from
> > "not tainted" to "tainted" because the job will always report "tainted".
>
> My concern here is that you start from a reproducible build, add your
> packages right and so maintain your build reproducible, buildroot will
> work as before.
So you are, like I am, in fact arguing that we should have actual packages
for such external modules? ;-)
> As soon you use a package manager tainting will be
> signaled.
This is where I disagree.
Using such package managers does not imply that the build is tainted.
This is a false dichotomy.
> Taint is mean to signal that there is a potential problem, and if you
> don't want to slip into it, you can always do the right thing and
> package your software and packaging also it's dependencies.
And what I am saying is that the heuristic you suggest to decide whether
a build should be considered tainted or not is incorrect.
> As soon as you do this, the taint disappear. I thin it could even be a
> deterrent to package the software randomly!
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2018-09-09 14:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-05 22:22 [Buildroot] [PATCH v5 0/3] Add tainting support to buildroot Angelo Compagnucci
2018-09-05 22:22 ` [Buildroot] [PATCH v5 1/3] Makefile: add tainting support Angelo Compagnucci
2018-09-06 7:44 ` Thomas Petazzoni
2018-09-06 7:46 ` Angelo Compagnucci
2018-09-05 22:22 ` [Buildroot] [PATCH v5 2/3] docs/manual: adding infos about tainting Angelo Compagnucci
2018-09-09 8:00 ` Yann E. MORIN
2018-09-05 22:22 ` [Buildroot] [PATCH v5 3/3] package/nodejs: taint the build on external modules Angelo Compagnucci
2018-09-09 7:49 ` Yann E. MORIN
2018-09-09 12:17 ` Angelo Compagnucci
2018-09-09 13:01 ` Yann E. MORIN
2018-09-09 13:29 ` Angelo Compagnucci
2018-09-06 7:42 ` [Buildroot] [PATCH v5 0/3] Add tainting support to buildroot Thomas Petazzoni
2018-09-09 7:36 ` Yann E. MORIN
2018-09-09 12:10 ` Thomas Petazzoni
2018-09-09 12:25 ` Angelo Compagnucci
2018-09-09 13:33 ` Yann E. MORIN
2018-09-09 13:44 ` Angelo Compagnucci
2018-09-09 14:20 ` Yann E. MORIN [this message]
2018-09-09 16:58 ` Angelo Compagnucci
2018-09-09 18:55 ` Yann E. MORIN
2018-09-09 20:18 ` Angelo Compagnucci
2018-09-10 7:50 ` Angelo Compagnucci
2018-09-10 15:00 ` Yann E. MORIN
2018-09-10 15:37 ` Yann E. MORIN
2018-09-10 17:10 ` Angelo Compagnucci
2018-09-10 18:07 ` Yann E. MORIN
2018-09-10 19:17 ` Angelo Compagnucci
2018-09-10 19:43 ` Yann E. MORIN
2018-09-10 20:03 ` Angelo Compagnucci
2018-09-10 20:26 ` Yann E. MORIN
2018-09-11 6:20 ` Angelo Compagnucci
2018-09-10 19:37 ` Thomas Petazzoni
2018-09-10 19:55 ` Angelo Compagnucci
2018-09-10 20:37 ` Yann E. MORIN
2018-09-09 13:27 ` Yann E. MORIN
2018-11-01 12:14 ` Arnout Vandecappelle
2018-11-01 12:25 ` Yann E. MORIN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180909142019.GK2841@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.