Proposing that we automate a way to check that we are pinning to versions of dependencies that we have diff-reviewed. Another variation of this proposal is to start including `build-requirements.txt` files for our non-Debian package projects and actually pinning to our local wheels.
Background
Right now, the SDK wheel is built (indirectly) using `securedrop-debian-packaging` via `PKG_DIR=../securedrop-client make build-wheels`. Only our Debian package repos, such as `securedrop-client`, maintain `build-requirements.txt` files so that we can use our own local wheels that we know we have diff-reviewed and built ourselves. It would also be more convenient to use this tool to build wheels and check their prod dependencies directly, e.g. `PKG_DIR=../securedrop-sdk make wheel` or something like that.
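One way the proposed check could look, as an added example that is not code from this issue or from any SecureDrop repository: it compares the exact pins in a project's requirements file against the pins in a reviewed `build-requirements.txt` and reports anything unpinned, missing or mismatched. It assumes both files use pip's `name==version` requirements format; the function names, package names and versions are hypothetical.

```python
import re

# Exact pin "name==version"; trailing markers or --hash options are ignored.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;\\]+)")


def normalize(name):
    """PEP 503 normalization so 'Beta_Lib' and 'beta-lib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text):
    """Return ({normalized name: version}, [requirement lines without ==])."""
    pins, unpinned = {}, []
    # Join backslash-continued lines (commonly used for --hash options).
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split(" #")[0].strip()
        if not line or line.startswith(("#", "-")):
            continue
        match = PIN_RE.match(line)
        if match:
            pins[normalize(match.group(1))] = match.group(2)
        else:
            unpinned.append(line)
    return pins, unpinned


def check_pins(requirements_text, reviewed_text):
    """List every mismatch that should fail the automated check."""
    wanted, unpinned = parse_pins(requirements_text)
    reviewed, _ = parse_pins(reviewed_text)
    problems = [f"not pinned with ==: {line}" for line in unpinned]
    for name, version in sorted(wanted.items()):
        if name not in reviewed:
            problems.append(f"{name}=={version}: no reviewed wheel")
        elif reviewed[name] != version:
            problems.append(f"{name}=={version}: reviewed is {reviewed[name]}")
    return problems


# Constructed sample inputs (hypothetical package names and versions).
SAMPLE_REQUIREMENTS = ("alpha-lib==1.2.0 \\\n    --hash=sha256:<placeholder>\n"
                       "Beta_Lib==2.0.7\ngamma>=3.0\ndelta==4.1\n")
SAMPLE_REVIEWED = "alpha-lib==1.2.0\nbeta-lib==2.0.4\n"

if __name__ == "__main__":
    for problem in check_pins(SAMPLE_REQUIREMENTS, SAMPLE_REVIEWED):
        print(problem)
```

In CI, a non-empty result from `check_pins` would fail the build; comparing `--hash` values as well as versions would be a stricter variant.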