>>> Both a git post-checkout and a build fail-fast will protect us here. But
>>> the post-checkout will need to fail silently if the .git subdirectory
>>> doesn't exist.
>>>
>>
>> Correction: the build fail-fast will need to fail silently if the .git
>> subdirectory doesn't exist.
>>
>
> How will this work for users downloading source distributions?
>
It is presumed that the source found in the submodule is on the correct SHA. The integrity checks are in place when creating and when voting on the source tarball release. This means that the build of the submodule has to be part of the in-tree build (which I have assumed already).
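
A sketch of the build fail-fast discussed in this thread, added here as an illustration and not taken from the thread or the project: it compares the SHA the superproject records for a submodule with what is checked out, and skips silently when there is no .git (a source tarball). The function name and its arguments are assumptions.

```bash
# check_submodule_pin ROOT SUBPATH   (hypothetical helper, not project code)
#   0, no output : ROOT has no .git (source distribution; nothing to compare)
#   0            : submodule checkout matches the SHA recorded in HEAD
#   1 + stderr   : submodule missing, not recorded, or on a different SHA
check_submodule_pin() {
    local root=$1 sub=$2 expected actual

    # Source tarballs carry no .git: skip without output.
    [ -e "$root/.git" ] || return 0

    # SHA recorded by the superproject commit (gitlink entry, mode 160000).
    expected=$(git -C "$root" ls-tree HEAD "$sub" 2>/dev/null |
               awk '$1 == "160000" { print $3 }')
    if [ -z "$expected" ]; then
        echo "fail-fast: $sub is not recorded as a submodule in HEAD" >&2
        return 1
    fi

    # Without its own .git, "git -C" would walk up and report the
    # superproject's HEAD instead, so check for it explicitly.
    if [ ! -e "$root/$sub/.git" ]; then
        echo "fail-fast: submodule $sub is not initialised" >&2
        return 1
    fi

    # SHA actually checked out in the submodule working tree.
    actual=$(git -C "$root/$sub" rev-parse HEAD 2>/dev/null) || actual=""
    if [ "$expected" != "$actual" ]; then
        echo "fail-fast: $sub is at ${actual:-<none>}, expected $expected" >&2
        return 1
    fi
}
```

Called at the start of the build, a non-zero return stops it before anything in the submodule is compiled.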