make-release-tarball could check the packages with depenencies.tsv.
Bug #1368417 reported by
Curtis Hovey
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| juju-core |
Fix Released
|
High
|
Martin Packman | ||
| 1.20 |
Fix Released
|
Critical
|
Martin Packman | ||
| juju-release-tools |
Fix Released
|
High
|
Martin Packman | ||
Bug Description
We saw another cases where a dep of a dep was pulled into the tarball. it is legitimate, but undocumented. We also saw a case where an old library/package was pulled in possubly by wrongly merged code.
We require dependencies.tsv to document all the top-level packages and their version because golang does not support versioning and notions of stability as debian.
make-release-
Related branches
lp://staging/~gz/juju-release-tools/check_deps_1368417
- Curtis Hovey (community): Approve (code)
-
Diff: 91 lines (+69/-0)2 files modifiedcheck_dependencies.py (+64/-0)
make-release-tarball.bash (+5/-0)
| Changed in juju-release-tools: | |
| assignee: | nobody → Martin Packman (gz) |
| Changed in juju-release-tools: | |
| status: | Triaged → In Progress |
| Changed in juju-release-tools: | |
| status: | In Progress → Fix Released |
| Changed in juju-core: | |
| assignee: | nobody → Martin Packman (gz) |
| importance: | Undecided → High |
| status: | New → Fix Committed |
| milestone: | none → 1.21-alpha2 |
| Changed in juju-core: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
