Bug 585712 - [TRACKER] Live/VCS eclasses used for keyworded release ebuilds
Summary: [TRACKER] Live/VCS eclasses used for keyworded release ebuilds
Status: RESOLVED FIXED
Alias: None
Product: Quality Assurance
Classification: Unclassified
Component: Trackers
Hardware: All Linux
: Normal QA
Assignee: Gentoo Quality Assurance Team
URL:
Whiteboard:
Keywords: Tracker
Depends on: 585714 585716 585718 585720 585722 585726 585728
Blocks:
Reported: 2016-06-12 17:02 UTC by Michał Górny
Modified: 2022-04-14 06:20 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-06-12 17:02:32 UTC
This one's for all cases when a live/VCS eclass is being used to fetch sources for a release/keyworded ebuild instead of a snapshot fetched via SRC_URI.

Basic rationale:

- VCS eclasses don't provide strong cryptographic checks like distfiles do,

- VCS resources are less network- and space-efficient, and usually are not mirrored locally when distfiles are,

- distfile fetching is less likely to be problematic on networks with traffic restrictions.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-14 06:20:06 UTC
pkgcheck's had this fatal for quite a while and no instances in tree (and CI forbids it as a result of pkgcheck).

A very, very long time in fact, but obviously wasn't used for CI back then: https://github.com/pkgcore/pkgcheck/commit/592033724ef75017d88e045c6b410d125c73d3da.
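
The condition this tracker covers can be checked on evaluated ebuild metadata, which avoids misreading ebuilds that only inherit a VCS eclass in their 9999 branch. The following is an added example, not part of the bug report and not pkgcheck's code; it assumes md5-cache style `KEY=value` input, and the eclass list, function names and sample entries are illustrative.

```python
# Assumption: illustrative set of live/VCS eclass names, not taken from the bug.
VCS_ECLASSES = frozenset({"git-r3", "subversion", "mercurial", "cvs", "bzr", "darcs"})


def parse_cache(text):
    """Parse md5-cache style lines into a dict of KEY -> value."""
    meta = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            meta[key] = value
    return meta


def inherited_eclasses(meta):
    """Eclass names from _eclasses_, stored as name<TAB>checksum pairs."""
    fields = meta.get("_eclasses_", "").split("\t")
    return set(fields[0::2]) - {""}


def live_keyworded(text):
    """Return (vcs_signals, keywords) for a keyworded entry fetched via VCS, else None."""
    meta = parse_cache(text)
    # Negative entries such as "-*" do not make an ebuild keyworded.
    keywords = [k for k in meta.get("KEYWORDS", "").split() if not k.startswith("-")]
    vcs = sorted(inherited_eclasses(meta) & VCS_ECLASSES)
    # Secondary signal (assumption): a live property set without a listed VCS eclass.
    if not vcs and "live" in meta.get("PROPERTIES", "").split():
        vcs = ["PROPERTIES=live"]
    return (vcs, keywords) if keywords and vcs else None


# Constructed sample entries; the checksums are placeholders, not real values.
RELEASE_VIA_GIT = "EAPI=8\nKEYWORDS=amd64 ~arm64\nPROPERTIES=live\n_eclasses_=git-r3\tPLACEHOLDER\ttoolchain-funcs\tPLACEHOLDER\n"
RELEASE_VIA_DISTFILE = "EAPI=8\nKEYWORDS=amd64 ~arm64\nSRC_URI=https://example.org/foo-1.2.tar.gz\n_eclasses_=toolchain-funcs\tPLACEHOLDER\n"
LIVE_9999 = "EAPI=8\nPROPERTIES=live\n_eclasses_=git-r3\tPLACEHOLDER\n"

if __name__ == "__main__":
    for name, entry in [("git release", RELEASE_VIA_GIT), ("distfile release", RELEASE_VIA_DISTFILE), ("live 9999", LIVE_9999)]:
        print(name, "->", live_keyworded(entry))
```

Only the first entry is reported: it carries keywords while its sources come from a VCS checkout rather than a checksummed distfile.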