[yocto] [Openembedded-architecture] Sum up - Proposal: dealing with language-specific build tools/dependency management tools
Alexander Kanavin
alexander.kanavin at linux.intel.com
Thu Mar 16 03:21:01 PDT 2017
On 03/16/2017 10:17 AM, Josef Holzmayr wrote:
> - locking down specific versions of packages and their dependencies for
> reproductible builds.
Thanks for summarizing! I have just one comment: at least initially,
locking down specific versions has to be optional. We certainly can try
our best, but some environments offer no support for it, and even
explicitly encourage the opposite approach (Go for instance); Yocto
Project has no resources to fight against that. If someone wants to
package an app, and lock it down in a reproducible way, they should take
their concern directly to upstream.
Alex
More information about the yocto
mailing list