[Rpm-maint] [rpm-software-management/rpm] Introduction of "rpms.lock.yaml" file (Discussion #2908)
Erik Skultety
notifications at github.com
Wed Feb 14 09:56:37 UTC 2024
I think that in the context of reproducibility and secure supply chain SW delivery, lockfiles as a concept make sense, and from my layman's perspective it looks plausible; however, I don't feel competent enough to review this format in depth. What I, as a stakeholder, am interested in knowing is the following:
- whether the RPM/DNF community would officially endorse this format and adopt it natively in some way
- whether (speaking of potential native adoption here) there's actually **any** intersection where the format would be useful to, let's say, DNF itself
- whether anyone from the RPM/DNF community sees potential problems/pitfalls and would object to the format as proposed before this finds its way as the de facto standard to secure supply chain SW delivery pipelines where RPMs are involved
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2908#discussioncomment-8463657
Message ID: <rpm-software-management/rpm/repo-discussions/2908/comments/8463657 at github.com>