[MacPorts] #65809: py-nbconvert @7.0.0: install fails, due to build-time artifact fetch
MacPorts
noreply at macports.org
Tue Sep 20 15:32:52 UTC 2022
#65809: py-nbconvert @7.0.0: install fails, due to build-time artifact fetch
---------------------------+----------------------
Reporter: agl2015 | Owner: mascguy
Type: defect | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version: 2.7.2
Resolution: | Keywords:
Port: py-nbconvert |
---------------------------+----------------------
Comment (by mascguy):
Replying to [comment:11 mascguy]:
> While that would be nice, the reality is that arbitrary artifacts
shouldn't be fetched by the build script. Particularly not if we're
interested in #ReproducibleBuilds.
In case you or anyone else isn't aware of it, there have also been recent
reports of bad actors introducing spyware and viruses in some Python
components. And this is yet another reason to avoid arbitrary,
uncontrolled downloads via build scripts.
--
Ticket URL: <https://trac.macports.org/ticket/65809#comment:12>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list