|
|
|
|
|
|
by kbenson
3794 days ago
|
|
|
> It's not, if you can not even run that first build then you actually have nothing to work on. Obviously you can run the first build. You wouldn't be using Github if you never got it working in the first place. To clarify, setting up the build environment may require network access, but if the process of building requires it, there are many places where it can go wrong, both operationally and security wise. > Also, not frozen dependencies means you are at the mercy on any dependencies changes breaking your build at any time. ... I agree, but that's a separate discussion and doesn't really apply here. There's nothing preventing the pulling of a specifically tagged version for builds. If someone's build process that used Git for dependencies is not doing this, whether they are using Github or some internal server is irrelevant, the same problems apply. |
|
|