[vlc-devel] Consider contrib hashing mandatory
Rémi Denis-Courmont
remi at remlab.net
Mon Feb 20 21:15:37 CET 2017
Hello,
Five and a half years ago, I was too lazy to implement any kind of hashing for
external references to Git repositories in the "new" contribs build system.
This is now finally fixed. And given that it was blatantly insecure and
unsurprisingly easy to fix, I am a bit disappointed that nobody beat me to it
in such a long time.
In any case, this means that the only excuse for not validating Git sources
has moved from lame to invalid. As a reviewer, I will thus no longer accept
contrib rules that change sources or add new sources of any kind without
validation.
Br,
--
雷米‧德尼-库尔蒙
https://www.remlab.net/
More information about the vlc-devel
mailing list