[pkg-php-pear] composer and debian
Mathieu Parent
math.parent at gmail.com
Thu Jun 27 10:17:17 UTC 2013
2013/6/27 David Prévot <taffit at debian.org>:
[...]
>
>>> - the tests should probably be installed
>>
>> you're right - there's no reason why they shouldn't be there
>
> Actually, I disagree here: tests may not be “secured”, and mostly aimed
> to be used to verify the program (e.g. at build time) in “extreme”
> conditions. Keeping tests in the executable path often opens a security
> issue. So I would rather encourage you to not ship them unless a real
> security audit has been performed on this code.
If tests are a security risk, the code itself probably is.
Using test at runtime ensure everything is correct (no regression
coming from an php upgrade, or any other unrelated change). Test
successfull at buildtime don't guarantee to be successfull at runtime.
Also, some tests ca only be run at runtime (you usually don't start
OpenLDAP at buildtime to test php-net-ldap2).
See also : http://dep.debian.net/deps/dep8/
[...]
--
Mathieu Parent
More information about the pkg-php-pear
mailing list