[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Behaviour of Build / Configure in GNU programs

From: John Darrington
Subject: Behaviour of Build / Configure in GNU programs
Date: Tue, 7 Jul 2015 07:17:40 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

I'm seeing an increasing number of programs, whose configure and/or makefile
have been written, to open a connection to some remote url  (usually controlled
by the project) download file(s) from there and build them into the software.

I think this is a bad idea, from many points of view: Scalability, Security and
Reproducability.  I haven't found any such instances in GNU Software, but I
think we should put a  statement about it in the GCS.


PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]