Fetching remote content
Dave Allured - NOAA Affiliate
dave.allured at noaa.gov
Tue Jul 1 16:15:06 UTC 2025
On Mon, Jun 30, 2025 at 1:48 PM Joshua Root <jmr at macports.org> wrote:
> On 1/7/2025 01:01, Dave Allured - NOAA Affiliate via macports-dev wrote:
> > Build systems may include features to fetch arbitrary remote code
> > outside of normal MacPorts controls. An example is FetchContent in
> > CMake. This can result in unexpected dependency versions and other
> > surprises.
> >
> > What are MacPorts guidelines for allowing or blocking remote fetching?
> > I could not find an established policy. Should there be one?
>
> "Don't fetch anything outside the fetch phase if at all possible."
>
> We don't disallow it entirely because there are (unfortunately) some
> build systems that will not work that way. I don't know how distros like
> FreeBSD that do completely disallow such behaviour deal with those build
> systems.
>
Well put. I fully agree with this conservative approach. Thank you for
confirming.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20250701/3152375a/attachment.htm>
More information about the macports-dev
mailing list