Requiring an exact copy of the template sconstruct simply isn't an option.
There are very good reasons an author would need to customise it; e.g.
additional dependencies, stuff that needs to be compiled, etc. This is
certainly true for several add-ons from NV Access.
Sent from a mobile device
On 9 Apr 2016, at 4:36 AM, derek riemer <driemer.riemer@xxxxxxxxx> wrote:
Hi guys,
I am wondering if we can automate the process of making sure that addon
sconstructfiles don't change. Many reviewers might not realize, but
sconstruct file and buildvars are just as important to code review. They run
python code, and can insert whatever they want into the addon. I am tempted
to write automatic code review infrastructure to hash the sconstruct and
check it against a golden sconstruct. Also, we could ensure if it changes
between versions, the build fails until we update the hash after a code
review. In this way, the author doesn't insert some folder on their local
machine into the official add-on. Also, should we provide a community
guideline that says the official build cannot be built by the author?
Just some thoughts, I have never seen an evil sconstruct, this is purely
theoretical.
--
Derek Riemer
Department of computer science, third year undergraduate student.
Proud user of the NVDA screen reader.
Open source enthusiast.
Member of Bridge Cu
Avid skiier.
Websites:
Honors portfolio
Awesome little hand built weather app!
email me at derek.riemer@xxxxxxxxxxxx
Phone: (303) 906-2194