[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] third-party: Stop building/using vulnerable software (#386)
notifications at github.com
Wed Jun 26 19:01:57 UTC 2019
Hi Holger, I heartily agree with you that this is an important issue. In talking with @ronsaldo this morning he wrote
"The painful change is building all of these third party dependencies with cmake. And cmake is not suitable at all for doing this. I would like to remove these third party dependencies on the near future, but for doing this we need a server for holding them."
and I replied
I think the best thing to do is to
a) have a directory in each build.foo* which includes the pre-built support libraries
b) have a separate repository to build the support libraries
c) a workflow where when a new version of a library is needed one checks out repository b) and builds, and then replaces the libraries in a) and commits. That is what I'm doing with Terf. See terf-cogvm/platforms/Cross/third-party/lib.macos32x86 & lib.macos64x64.
And he agrees.
So was soon as possible we should split the repository to create e.g. opensmalltalk-third-party and stop rebuilding third-party software unnecessarily. We do have to decide where the products live on opensmalltalk-vm. I propose that they live in build.*/third-party/lib
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vm-dev