## Module is imported with 'import' and 'import from'
Module 'os' is imported with both 'import' and 'import from'.
[Show more details](https://github.com/containerbuildsystem/cachi2/security/cod...
> Not a problem IMO as there's going to be a documented CLI flag
A user could be someone other than a package builder. We have a pretty long supply chain here, there are many settings along it, ...
Do you mean `test_binary_gem_dependencies_could_be_downloaded_for_damaged_platforms`? If yes then I disagree: it verifies that our code handles externally produced damaged data so it must stay.
> Binary implementations exist for a reason, and usually this reason is performance. With silent ruby fallback we'll end up with users having noticeably worse performance by default. And since ever...
Good catch! Unless we want to traverse the hierarchy, because RootedPath can only handle the immediate descendants, but not ancestors up to the real "root".
Would the helper need more than what RootedPath already provides? I might be missing some nuance here
https://github.com/containerbuildsystem/cachi2/blob/c94a1a24c1777036bbed121281c41be1b8f156f1...
No, it won't pass, at least not always. It started failing with nokogiri despite nokogiri having ruby version. If a version is present in a lockfile it seems to be needed by Bundler. If it were the...
@cmoulliard unless https://github.com/containerbuildsystem/cachi2/issues/684#issuecomment-2416516433 doesn't answer the main pain points you raised would you agree to closing this one as a duplicat...
> It is, you just don't see it / can't figure it out from the logs (https://github.com/containerbuildsystem/cachi2/issues/550), but it does use 1.23 !
It's also worth mentioning that we're keepi...
> * Why is cachi2 using go 1.20 and not 1.18 ?
Because 1.20 handles all versions up this one equally, it is 1.21 that introduced changes that somewhat break backwards compatibility when it comes...
Thank you for reporting this. This will likely be a problem spanning across multiple process executions, not strictly tied to just git so we need to apply a fix globally.
I'd say either drop the direct usage for the time being, or, if you want to make sure we don't forget about it `_ = workspaces` feels cleaner than an assertion (admittedly I have a strong bias agai...