[keycloak-dev] Do we care about reproducible builds?
Bill Burke
bburke at redhat.com
Wed Jul 19 16:26:10 EDT 2017
Don't know what you mean by reproducible builds.
On 7/19/17 2:26 PM, Stan Silvert wrote:
> I'm asking this question about the community version of Keycloak. RH-SSO
> absolutely must be reproducible.
>
> The reason I ask is because we will soon stop checking node_modules into
> github. javascript libraries will be pulled in at build time.
>
> We will lock down the library versions with yarn, which means everything
> is theoretically reproducible as long as the public npm repo is stable.
>
> But if we want to be extra-sure, we can set up our own npm repo and
> archive it with each community release.
>
> WDYT? How much do we care about reproducible builds in community?
>
> Stan
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list