On 8/25/25 1:33 AM, Michał Górny wrote: > My personal opinion about this or about using GitHub doesn't change > the fact that it's the official upstream recommendation.
I don't see why upstream distfile services recommending a thing has to do with this topic. But I'm willing to be persuaded -- as soon as we also switch to their recommendation that each and every python program in Gentoo is installed in a virtualenv. Also I did not say anything about "github", so I don't know where your criticism comes from? Am I supposed to, I don't know, have a vendetta against github copilot to the point where I don't trust github actions to do CI? Seems farfetched to me. > The flags > aren't intended to be used by users, users have Manifests. They are > helpful for developers to double-check that the artifacts aren't > compromised (or more likely, that "something went wrong"). It is *precisely* developers who, per my belief, should strictly refrain from this eclass addition and refuse to believe that it makes any statement about whether artifacts are compromised. -- Eli Schwartz
OpenPGP_signature.asc
Description: OpenPGP digital signature
