Description
Currently the Build Requirements say
All transitive build steps, sources, and dependencies were fully declared up front with immutable references
and
The user-defined build script:
MUST declare all dependencies, including sources and other build steps, using immutable references in a format that the build service understands.
Is it actually necessary that the build script specify the immutable references? That would require users to manually update each build script for each dependency in order to get the latest version. Would it instead be reasonable to simply require that the builder resolve the dependency into an immutable reference and include that in the provenance?
If we actually want users to specify the exact reference they want pulled, could that be a separate ('Version Pinning'?) requirement? That might add some clarity.
Metadata
Metadata
Assignees
Type
Projects
Status