On Tue, 2025-02-11 at 16:00 +0100, Stefan Herbrechtsmeier via lists.openembedded.org wrote: > From: Stefan Herbrechtsmeier <stefan.herbrechtsme...@weidmueller.com> > > Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsme...@weidmueller.com> > --- > > .../python/python3-bcrypt-crates.inc | 84 ------------------- > .../python/python3-bcrypt_4.2.1.bb | 4 +- > 2 files changed, 1 insertion(+), 87 deletions(-) > delete mode 100644 meta/recipes-devtools/python/python3-bcrypt-crates.inc
So let me as the silly question. This removes the crates.inc file and doesn't appear to add any kind of new list of locked down modules. This means that inspection tools just using the metadata can't see "into" this recipe any longer for component information. This was something that some people felt strongly that was a necessary part of recipe metadata, for license, security and other manifest activities. Are we basically saying that information is now only available after the build takes place? I'm very worried that the previous discussions didn't reach a conclusion and this is moving the "magic" out of bitbake and into some vendor classes without addressing the concerns previously raised about transparency into the manifests of what is going on behind the scenes. I appreciate some of the requirements are conflicting. For the record in some recent meetings, I was promised that help would be forthcoming in helping guide this discussion. I therefore left things alone in the hope that would happen. It simply hasn't, probably due to time/work issues, which I can sympathise with but it does mean I'm left doing a bad job of trying to respond to your patches whilst trying to do too many other things badly too. That leaves us both very frustrated. I really want to see you succeed in reworking this and I appreciate the time and effort put into the patches. To make this successful, I know there are key stakeholders who need to buy into it and right now, they're more likely just to keep doing their own things as it is easier since this isn't going the direction they want. A key piece of making this successful is negotiating something which can work for a significant portion of them. I'm spelling all this out since I do at least want to make the situation clear. Yes, I'm very upset the OE community is putting me in this position despite me repeatedly asking for help and that isn't your fault, which just frustrates me more. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#211188): https://lists.openembedded.org/g/openembedded-core/message/211188 Mute This Topic: https://lists.openembedded.org/mt/111123548/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
