In well-maintained Fedora packages, the use of the FetchContent module is generally discouraged because dependencies are already available in the Fedora repositories.
While it's uncertain if build workers in Fedora have internet access, to improve security, I believe it is recommended to entirely disallow the use of the FetchContent module. To achieve this, I propose adding a flag in the cmake-rpm-macros to disable the FetchContent module. According to the CMake manual (https://cmake.org/cmake/help/latest/module/FetchContent.html), FETCHCONTENT_FULLY_DISCONNECTED=ON seems the flag that disables the use of the FetchContent module. Do I need a formal process to propose this change? Or can I just submit a pull request to the cmake (https://src.fedoraproject.org/rpms/cmake) repository? -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
