**** BEGIN LOGGING AT Mon Nov 02 02:59:57 2020 Nov 02 07:50:53 good morning Nov 02 11:19:38 khem: https://lists.openembedded.org/g/bitbake-devel/message/9271 what do you mean by "package metadata"? the SRC_URI in the .bb file? Nov 02 11:20:26 on a side note: is there a way to get something like this https://lists.openembedded.org/g/bitbake-devel/topic/72129859 merged, i.e. by adding something like gentoos "I_KNOW_WHAT_I_AM_DOING" flag? Nov 02 11:23:44 for example "PASSWORD_IS_IN_REALITY_A_READ_ONLY_ACCESS_TOKEN_WHICH_WE_SPECIFICALLY_ISSUED_FOR_INCLUSION_IN_THE_METADATA_OF_THIS_ALSO_PRIVATE_REPOSITORY_AND_WE_MADE_EVERYONE_PROMISE_NOT_TO_LEAK_THIS_SOURCE" :D Nov 02 11:36:10 Doeme: if you really think you need such, then you could create a custom incarnation of the git fetcher in a layer that you maintain. but i don't see this getting merged. Nov 02 11:40:12 ah, i already maintain a fork of bitbake, so i'm fine Nov 02 11:40:20 well "maintain" Nov 02 11:40:23 have one Nov 02 11:41:10 this is by far the easiest approach. I just wonder why you would want to limit the users freedom. Nov 02 11:41:55 I mean, warning them about doing something stupid is fine, but just flat out ignoring everyhting without even throwing an exception is probably not the right way Nov 02 11:45:52 (there are legit reasons to do this, by the way. If your building in ephemeral environments and are using access tokens, you have to check in your token into the repository at some point, anyways. and using access tokens yield high security implications, especially if they are checked into a private repository in the first place) Nov 02 11:47:01 => if these tokens get leaked, you will have had access to the source code anyways Nov 02 11:53:16 i would take it the other way around. if somebody has that use case, the person is probably knowledgeable enough to use the mentioned ways of netrc and/or git credentail helpers. where as in the common use case, where we often see more inexperienced users, keeping them from accidentially leaking their credentials is a good thing. Nov 02 11:53:36 one might add a warning, that is right. Nov 02 11:53:52 in the least, just writing it in source is just plain mean Nov 02 11:55:39 And I do not agree with that point of view, I prefer programs that give you the freedom to shoot into your knee (but warn if you want to do so). Like rust with unsafe{}. or gentoo with I_KNOW_WHAT_I_AM_DOING. Nov 02 11:56:32 disagreeing is fine. :) Nov 02 11:56:32 since sometimes knees just need to be shot. Or it is the alternative to shoot into some more important bodyparts Nov 02 11:57:42 but in this very specific case it sounds like "i totally want to use this potentially dangerous way and i want all the world to bear with me, even though there are other, already accepted ways". Nov 02 11:58:31 which we tried and discarded as inferior Nov 02 11:58:32 and if you're already maintaining a fork for your personal use, i don't even see the benefit, sorry. Nov 02 11:59:15 yeah, I wanted to contribute, which is, as I understood it, the core spirit of open source Nov 02 12:00:37 pardon me if i'm not taking the herring. you asked for commentary on a specific topic, and i gave it. **** ENDING LOGGING AT Tue Nov 03 03:00:33 2020