packages that BuildRequire: gettext that need to change to gettext-devel
Colin Walters
walters at redhat.com
Tue Jun 22 23:02:54 UTC 2004
On Tue, 2004-06-22 at 18:32 -0400, Jeremy Katz wrote:
> On Tue, 2004-06-22 at 17:33 -0400, Elliot Lee wrote:
> > Adding a 'cvs' dependency to 'gettext' will upset a few people, but it's
> > really not that bad a thing.
>
> Actually, the use of cvs like this strikes me as adding an easy way to
> trojan builds. Come up with a way to compromise the CVS server or just
> DNS mitm to masquerade as it and then drop in whatever you want into
> someone's package.
Actually it's my understanding that it doesn't talk to an external
server. It extracts a local file (/usr/share/gettext/archive.tar.gz),
which is just a tarred-up CVS repository. Why in the world it does this
is beyond me, but....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040622/734e0273/attachment.sig>
More information about the fedora-devel-list
mailing list