Skip to content

GH-131372: only install build-details.json in the main install #142269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
FFY00 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

GH-131372: only install build-details.json in the main install #142269

FFY00 wants to merge 3 commits into from
+4 −1

Conversation

@FFY00
Copy link
Member

@FFY00 FFY00 commented Dec 4, 2025
edited by bedevere-app bot
Loading

@FFY00
pythonGH-131372: only install build-details.json in the main install
4719fe3 
Signed-off-by: Filipe Laíns <lains@riseup.net>
@bedevere-app bedevere-app bot mentioned this pull request Dec 4, 2025
Open
@FFY00
Add news
26868fa 
Signed-off-by: Filipe Laíns <lains@riseup.net>
@FFY00 FFY00 mentioned this pull request Dec 4, 2025
Open
@ned-deily
Copy link
Member

ned-deily commented Dec 4, 2025

@FFY00 I just noticed all those cat commands being used for install steps and, without looking further into it, I wonder if those might be opening up some security issues. Typically, we use the install utility which does ensure specific permissions etc on installed files, something cat would not do.

@FFY00
Copy link
Member Author

FFY00 commented Dec 4, 2025
edited
Loading

cat is only reading the build directory location here, install still does all the actual file touching.

That said, I really don't like this ideom. It has been around for a while, but unfortunately it's not easy to get rid of. I attempted it in GH-131761, but haven't had time to follow it through.

@ned-deily
Copy link
Member

ned-deily commented Dec 4, 2025

cat is only reading the build directory location here, install still does all the actual file touching.

D'oh, sorry for the noise!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AA-Turner AA-Turner AA-Turner approved these changes

@erlend-aasland erlend-aasland Awaiting requested review from erlend-aasland erlend-aasland is a code owner

@emmatyping emmatyping Awaiting requested review from emmatyping emmatyping is a code owner

Assignees

No one assigned

Labels

awaiting merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FFY00 @ned-deily @AA-Turner