freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

compose `.in` requirements declaratively rather than imperatively #6931

Open cfm opened 1 year ago

cfm commented 1 year ago

Description

`make update-python3-requirements` composes our layers of `.in` requirements imperatively, e.g.:

https://github.com/freedomofpress/securedrop/blob/960c43b47a4a0a90e261d2206fe4aa9375622e25/Makefile#L32-L37

Composing them declaratively, via `-r` directives in the `.in` files themselves, would make it easier to reason about requirements composition at the specifications themselves, rather than having to refer to the specific `pip-compile` invocations in the `Makefile`.

How will this impact SecureDrop users?

No user-facing changes.

How would this affect SecureDrop's threat model?

No threat-model implications.
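An added illustration of the declarative layout proposed above, not code from the SecureDrop repository: each `.in` layer names the layers it builds on with `-r`, so the effective top-level requirements of any layer can be derived from the files alone. The file names, package names and the `resolve`/`demo` helpers are assumptions constructed for this sketch.

```python
import tempfile
from pathlib import Path

# Constructed sample layers; names and packages are illustrative only,
# not SecureDrop's actual requirements files.
SAMPLE_LAYERS = {
    "requirements.in": "flask\ncryptography\n",
    "test-requirements.in": "-r requirements.in\npytest\n",
    "develop-requirements.in": (
        "-r test-requirements.in\n"
        "--requirement requirements.in\n"
        "pip-tools  # build tooling\n"
    ),
}


def resolve(path, _stack=()):
    """Return the top-level requirements of `path`, following -r includes."""
    path = Path(path).resolve()
    if path in _stack:
        raise ValueError(f"circular -r include: {path.name}")
    found = []
    for raw in path.read_text().splitlines():
        # A '#' preceded by whitespace (or at line start) begins a comment.
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Only the space-separated "-r FILE" / "--requirement FILE" form is handled.
        if parts[0] in ("-r", "--requirement") and len(parts) == 2:
            # Include paths are relative to the file that contains them.
            included = resolve(path.parent / parts[1], _stack + (path,))
        else:
            included = [line]
        found.extend(req for req in included if req not in found)
    return found


def demo():
    """Write the sample layers to a temp dir and resolve each one."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_LAYERS.items():
            Path(tmp, name).write_text(body)
        return {name: resolve(Path(tmp, name)) for name in SAMPLE_LAYERS}


if __name__ == "__main__":
    for name, reqs in demo().items():
        print(f"{name}: {', '.join(reqs)}")
```

With this layout a single input file per `pip-compile` invocation is enough, because the layering lives in the specifications rather than in the `Makefile`.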

rocodes commented 12 months ago

Yup, and already being done in some other repos: securedrop-client, securedrop-export

In favour of this, along with having more cross-project Makefile standardization generally.