[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#33300: Automatically detecting binaries in source tarballs
|
From: |
Ludovic Courtès |
|
Subject: |
bug#33300: Automatically detecting binaries in source tarballs |
|
Date: |
Thu, 08 Nov 2018 09:50:23 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Hello,
Danny Milosavljevic <address@hidden> skribis:
> I think it would be good to have guix check for closed-source binaries after
> unpacking, automatically (including jar files with class files in them).
Oh right, jars are certainly quite common, more than .so files.
>> > No idea if it's worth the trouble/performance hit/false-positive rate,
>> > of course. That's for the ner^Wgods to decide.
>>
>> Yeah I wonder if it would be fruitful.
>
> Marking known-good binaries (whitelisting) is still better than hoping
> we notice some closed-source binary (blacklisting).
>
> It would be a conspicious reminder of what we still have to do - as
> opposed to the situation now where it's mostly in someone's head
> (if at all).
Yeah, that makes sense.
What about adding such a phase in %standard-phases in core-updates-next?
I guess it could check for files that match ‘elf-file?’ or ‘ar-file?’
and for *.jar. WDYT?
We must make add a keyword parameter in ‘gnu-build-system’ to make it
easy to disable it and/or to skip specific files.
Any takers?
Thanks,
Ludo’.