On Sun, Jul 16, 2023 at 08:12:42AM +0300, Alexander Kanavin wrote: > On Sun 16. Jul 2023 at 4.01, Marek Vasut <ma...@denx.de> wrote: > > > This protection is really weak, this check fails on every single > > possibly bogus commit which is already on any random branch, so what is > > the gain here really ? > > The gain is that the branch name is seen in the recipe and we can make the > judgement about it. You wouldn’t be able to switch from main to > my-ugly-hacks or dangling commit without having to explain that. With > nobranch the branch name disappears and this opens the door for bogus > commits. You may reassure us that right now the commit is not bogus, this > may not hold in future revision updates or if the branch is force pushed on > your side.
Does bitbake have any infrastructure atm for dealing with signed tags? I'm fine with (for now, as LTS is a hope not a feature) keeping the branch portion. But if it was possible to say it must be a tag signed by X key, that would help a little with the concern about moving to some more arbitrary commit. -- Tom
signature.asc
Description: PGP signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#184417): https://lists.openembedded.org/g/openembedded-core/message/184417 Mute This Topic: https://lists.openembedded.org/mt/100144566/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
