Skip to content

projects need way to enforce pinned upstream dist-git/spec reference #27

Open
Open
projects need way to enforce pinned upstream dist-git/spec reference#27
Labels
area: source managementPertains to source fetching, downloading, and/or preparing.enhancementNew feature or request
@reubeno

Description

@reubeno
reubeno
opened on Mar 20, 2026

For a 'stable' project/distro, all the upstream references should be pinned to a specific date/time or (per-package) dist-git commit hash. This prevents inputs to the stable project build changing over time.

There also should be a mechanism to opt-out (or opt-in) of the upstream pinning for dev work, possibly a (project/distro-wide) parameter in the toml, and/or azldev cmdline param.

--
Imported on behalf of @ddstreet

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: source managementPertains to source fetching, downloading, and/or preparing.enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions