I'm seeing an increasing number of programs whose configure and/or makefile have been written to open a connection to some remote URL (usually controlled by the project), download file(s) from there and build them into the software.
I think this is a bad idea, from many points of view: Scalability, Security and Reproducibility. I haven't found any such instances in GNU Software, but I think we should put a statement about it in the GCS.

J'

--
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
