[keycloak-dev] Do we care about reproducible builds?
bruno at abstractj.org
Wed Jul 19 17:40:18 EDT 2017
Thinking about this scenario and the fact that you're going to lock down
the library versions.
I'd say go for it.
On Wed, Jul 19, 2017 at 5:03 PM Stan Silvert <ssilvert at redhat.com> wrote:
> I'm asking this question about the community version of Keycloak. RH-SSO
> absolutely must be reproducible.
> The reason I ask is because we will soon stop checking node_modules into
> We will lock down the library versions with yarn, which means everything
> is theoretically reproducible as long as the public npm repo is stable.
> But if we want to be extra-sure, we can set up our own npm repo and
> archive it with each community release.
> WDYT? How much do we care about reproducible builds in community?
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
More information about the keycloak-dev