mirror of
https://github.com/flatpak/flatpak.git
synced 2026-01-27 09:08:12 -05:00
c982e591ba
When combined with using `git subtree` for our mandatory vendored dependencies, this avoids differences between what we ship in our git repository (available to users via `git clone` or by unpacking the result of `git archive`), and what's in our official source code releases (which are the result of `meson dist`). Differences between those artifacts would provide an attractive place for attackers to hide malware, for example in CVE-2024-3094, so avoiding differences is a good "nothing up my sleeve" mechanism to make it less appealing for attackers to target Flatpak. With default Meson settings, the wrap files will be used automatically to download our suggested versions of these dependencies, unless the `-Dsystem_bubblewrap=...`, `-Dsystem_dbus_proxy=...` Meson options are used. In environments where automatic downloads are disabled via `-Dwrap_mode=nodownload`, for example many Linux distributions, specifying a system copy becomes mandatory. Signed-off-by: Simon McVittie <smcv@collabora.com>
6 lines
129 B
Plaintext
6 lines
129 B
Plaintext
[wrap-git]
|
|
url = https://github.com/flatpak/xdg-dbus-proxy
|
|
# 0.1.5
|
|
revision = 7466c8137fc06f863fde8486521984e43a26cd10
|
|
depth = 1
|