Subject: Re: [boost] Request for a new submodule, tools/depinst
From: Rene Rivera (grafikrobot_at_[hidden])
Date: 2016-11-11 14:38:20
On Fri, Nov 11, 2016 at 2:19 PM, Peter Dimov <lists_at_[hidden]> wrote:
> Rene Rivera wrote:
> git submodule update --init --depth 1 tools/regression
>> How would you bootstrap that?
> Not sure what you mean.
> - cd ..
> - git clone -b $TRAVIS_BRANCH --depth 1 https://github.com/boostorg/bo
> ost.git boost-root
> - cd boost-root
> - git submodule update --init --depth 1 tools/regression
> What is the bootstrap problem here? That the above sequence is not part of
> the script? Why does it need to be?
Daniel mentioned the same objections I had :-)
Hmm.. Are you saying that getting an old version of the regression tools
>> that "matches" a particular checkout of the libraries at some point in time
>> should always work and be a measure of reproduction?
> Yes, this to me feels like the right thing to do. When you are testing a
> specific Boost snapshot, it makes sense for the testing tools to also be a
> part of this snapshot.
The problem is that there's no guarantee that whatever past version you get
will work with the currently deployed up to date system. Remember there's
more to testing than just the script one uses to run the tests.
> And there's also the principled objection of not executing unknown
> unauthenticated scripts retrieved by wget across the internet, although I
> won't insist on that. :-)
Through a secure connection to a trusted site? If we worry about ti to that
extent we have bigger problems since that's equivalent to "git clone" as
far as security is concerned ;-)
-- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk