From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: stefan.herbrechtsmeier-oss@weidmueller.com,
openembedded-core@lists.openembedded.org
Cc: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Subject: Re: [OE-core] [RFC PATCH 21/30] python3-bcrypt: mirgrate to vendor cargo class
Date: Tue, 11 Feb 2025 21:46:13 +0000 [thread overview]
Message-ID: <d933e37f2be3e98c72f99191b504efe607d50c96.camel@linuxfoundation.org> (raw)
In-Reply-To: <20250211150034.18696-21-stefan.herbrechtsmeier-oss@weidmueller.com>
On Tue, 2025-02-11 at 16:00 +0100, Stefan Herbrechtsmeier via lists.openembedded.org wrote:
> From: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
>
> Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
> ---
>
> .../python/python3-bcrypt-crates.inc | 84 -------------------
> .../python/python3-bcrypt_4.2.1.bb | 4 +-
> 2 files changed, 1 insertion(+), 87 deletions(-)
> delete mode 100644 meta/recipes-devtools/python/python3-bcrypt-crates.inc
So let me as the silly question. This removes the crates.inc file and
doesn't appear to add any kind of new list of locked down modules.
This means that inspection tools just using the metadata can't see
"into" this recipe any longer for component information. This was
something that some people felt strongly that was a necessary part of
recipe metadata, for license, security and other manifest activities.
Are we basically saying that information is now only available after
the build takes place?
I'm very worried that the previous discussions didn't reach a
conclusion and this is moving the "magic" out of bitbake and into some
vendor classes without addressing the concerns previously raised about
transparency into the manifests of what is going on behind the scenes.
I appreciate some of the requirements are conflicting.
For the record in some recent meetings, I was promised that help would
be forthcoming in helping guide this discussion. I therefore left
things alone in the hope that would happen. It simply hasn't, probably
due to time/work issues, which I can sympathise with but it does mean
I'm left doing a bad job of trying to respond to your patches whilst
trying to do too many other things badly too. That leaves us both very
frustrated.
I really want to see you succeed in reworking this and I appreciate the
time and effort put into the patches. To make this successful, I know
there are key stakeholders who need to buy into it and right now,
they're more likely just to keep doing their own things as it is easier
since this isn't going the direction they want. A key piece of making
this successful is negotiating something which can work for a
significant portion of them. I'm spelling all this out since I do at
least want to make the situation clear.
Yes, I'm very upset the OE community is putting me in this position
despite me repeatedly asking for help and that isn't your fault, which
just frustrates me more.
Cheers,
Richard
next prev parent reply other threads:[~2025-02-11 21:46 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-11 15:00 [RFC PATCH 00/30] Add vendor support for go, npm and rust Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 01/30] classes: create-spdx-2.2: use expanded FetchData for downloaded packages Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 02/30] lib: spdx30_tasks: use expanded FetchData for download files Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 03/30] classes: create-spdx-2.2: use name and version for download dependencies Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 04/30] lib: bb: fetch2: add support to unpack .crate files Stefan Herbrechtsmeier
2025-02-11 21:22 ` [OE-core] " Richard Purdie
2025-02-11 15:00 ` [RFC PATCH 05/30] lib: oe: add vendor module Stefan Herbrechtsmeier
2025-02-11 21:31 ` [OE-core] " Richard Purdie
2025-02-12 9:27 ` Stefan Herbrechtsmeier
2025-02-12 9:38 ` Richard Purdie
2025-02-12 12:21 ` Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 06/30] lib: oe: vendor: add cargo support Stefan Herbrechtsmeier
2025-02-12 10:32 ` [OE-core] " Alexander Kanavin
2025-02-12 12:45 ` Frédéric Martinsons
2025-02-12 16:29 ` Stefan Herbrechtsmeier
2025-02-12 17:48 ` Frédéric Martinsons
2025-02-13 8:53 ` Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 07/30] lib: oe: vendor: add go support Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 08/30] lib: oe: vendor: add npm support Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 09/30] oeqa: oelib: add vendor tests Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 10/30] conf: bitbake: add SRC_URI_FILES variable Stefan Herbrechtsmeier
2025-02-11 16:22 ` [bitbake-devel] " Peter Kjellerstedt
2025-02-12 8:55 ` Stefan Herbrechtsmeier
2025-02-12 9:49 ` [OE-core] " Alexander Kanavin
[not found] ` <18236D0FFBD06B89.28278@lists.openembedded.org>
2025-02-12 10:42 ` Alexander Kanavin
2025-02-11 19:06 ` Peter Kjellerstedt
2025-02-11 15:00 ` [RFC PATCH 11/30] classes: go: make source directory configurable Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 12/30] classes: go-mod: make class customizable Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 13/30] classes: add nodejs-arch class Stefan Herbrechtsmeier
2025-02-12 10:37 ` [OE-core] " Alexander Kanavin
2025-02-11 15:00 ` [RFC PATCH 14/30] classes: base: add get_src_uris and unpack_src_uris functions Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 15/30] classes: add early fetch, unpack and patch support Stefan Herbrechtsmeier
2025-02-11 22:27 ` [OE-core] " Richard Purdie
2025-02-12 12:21 ` Stefan Herbrechtsmeier
2025-02-11 22:32 ` Bruce Ashfield
2025-02-12 12:42 ` Stefan Herbrechtsmeier
2025-02-12 13:55 ` Bruce Ashfield
2025-02-12 14:40 ` Stefan Herbrechtsmeier
2025-02-12 11:08 ` Alexander Kanavin
2025-02-12 16:23 ` Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 16/30] classes: add vendor class Stefan Herbrechtsmeier
2025-02-11 19:17 ` [OE-core] " Peter Kjellerstedt
2025-02-11 15:00 ` [RFC PATCH 17/30] classes: add vendor class for cargo Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 18/30] classes: add vendor class for go Stefan Herbrechtsmeier
2025-02-11 22:59 ` [OE-core] " Bruce Ashfield
2025-02-12 15:23 ` Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 19/30] classes: add vendor class for npm Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 20/30] classes: add vendor_npm_build class Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 21/30] python3-bcrypt: mirgrate to vendor cargo class Stefan Herbrechtsmeier
2025-02-11 21:46 ` Richard Purdie [this message]
2025-02-12 14:36 ` [OE-core] " Stefan Herbrechtsmeier
2025-02-12 15:06 ` Richard Purdie
2025-02-12 17:27 ` Stefan Herbrechtsmeier
2025-02-12 15:07 ` Bruce Ashfield
2025-02-12 17:24 ` Stefan Herbrechtsmeier
2025-02-12 17:45 ` Bruce Ashfield
2025-02-12 17:52 ` Richard Purdie
2025-02-13 12:45 ` Stefan Herbrechtsmeier
2025-02-13 17:07 ` Bruce Ashfield
2025-02-11 15:00 ` [RFC PATCH 22/30] python3-cryptography: " Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 23/30] python3-maturin: " Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 24/30] python3-rpds-py: " Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 25/30] librsvg: " Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 26/30] librsvg: update dependecies to fix RUSTSEC-2024-0421 Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 27/30] [DO NOT MERGE] recipes: add crucible go demo Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 28/30] [DO NOT MERGE] recipes: add node-red npm demo Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 29/30] [DO NOT MERGE] recipes: add nucleoidai " Stefan Herbrechtsmeier
2025-02-11 15:00 ` [RFC PATCH 30/30] [DO NOT MERGE] classes: spdx: use version 2.2 Stefan Herbrechtsmeier
2025-02-11 23:14 ` [bitbake-devel] [RFC PATCH 00/30] Add vendor support for go, npm and rust Bruce Ashfield
2025-02-12 8:41 ` Stefan Herbrechtsmeier
2025-02-12 14:11 ` Bruce Ashfield
2025-02-13 8:36 ` Stefan Herbrechtsmeier
2025-02-13 17:01 ` Bruce Ashfield
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d933e37f2be3e98c72f99191b504efe607d50c96.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=openembedded-core@lists.openembedded.org \
--cc=stefan.herbrechtsmeier-oss@weidmueller.com \
--cc=stefan.herbrechtsmeier@weidmueller.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox