Git, the D package manager
Jacob Carlborg via Digitalmars-d
digitalmars-d at puremagic.com
Wed Feb 4 11:02:06 PST 2015
On 2015-02-02 09:58, Joseph Rushton Wakeling via Digitalmars-d wrote:
> Scenario: a dependency has a security hole that gets patched. If the
> dub package is updated, all applications using that dub package will
> automatically have that update available next time they are built.
That's the worst kind of behavior for security reasons. It's vital that
you can reproduce a build any point in time. For example, building an
application now and six months later should result in the exact same
binary if the code of the application has not changed.
--
/Jacob Carlborg
More information about the Digitalmars-d
mailing list