[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#39263] [PATCH 2/2] gnu: godot: Unbundle some dependencies.
|
From: |
Timotej Lazar |
|
Subject: |
[bug#39263] [PATCH 2/2] gnu: godot: Unbundle some dependencies. |
|
Date: |
Tue, 28 Jan 2020 19:18:09 +0100 |
Thanks for the feedback! I am sending updated patches after this reply.
Christopher Baines <address@hidden> [2020-01-25 09:16:08+0000]:
> I did have a look if the package builds with the mbedtls-apache
> package, rather than using the included source code, and it looks to.
> Although I'm aware that [1] says there are modifications.
The two Godot patches for mbedtls don’t seem to be relevant to Guix, so
I replaced the bundled copy with the mbedtls-apache package. I don’t
have a use case to test this, but the minimal example from the
HTTPRequest tutorial seems to work OK with an HTTPS URI.
Christopher Baines <address@hidden> [2020-01-25 09:18:33+0000]:
> One thought I had here is that it would be more rigorous to have a list
> of directories that are kept, and anything not on the list is deleted.
> That way it's harder for new thirdparty dependencies to sneak in.
Makes sense. As you suggest, I flipped the logic for removing thirdparty
files: whitelist preserved files and remove everything else. The snippet
can only preserve direct children of the thirdparty/ directory, which
keeps it simple but perhaps not flexible enough in the long run.
Do we generally prefer whitelisting bundled files? Most packages I have
seen (and written) do the opposite and list the files to remove. Maybe
we could add a guideline somewhere? Or point me to the one I missed. :)
[bug#39263] [PATCH v2 1/3] gnu: godot: Update to 3.1.2., Timotej Lazar, 2020/01/28