On 1/7/2025 01:01, Dave Allured - NOAA Affiliate via macports-dev wrote:
Build systems may include features to fetch arbitrary remote code
outside of normal MacPorts controls. An example is FetchContent in
CMake. This can result in unexpected dependency versions and other
surprises.
What are MacPorts guidelines for allowing or blocking remote fetching?
I could not find an established policy. Should there be one?
"Don't fetch anything outside the fetch phase if at all possible."
We don't disallow it entirely because there are (unfortunately) some
build systems that will not work that way. I don't know how distros like
FreeBSD that do completely disallow such behaviour deal with those build
systems.
- Josh
