Diffstat (limited to 'results/scraper/fex/4267')
-rw-r--r-- results/scraper/fex/4267 14
1 files changed, 14 insertions, 0 deletions
diff --git a/results/scraper/fex/4267 b/results/scraper/fex/4267
new file mode 100644
index 000000000..8f4052f1c
--- /dev/null
+++ b/results/scraper/fex/4267
@@ -0,0 +1,14 @@
+Don't depend on any binary blobs
+Currently the tests depend a bunch of prebuilt binaries through submodules, e.g. `External/fex-gcc-target-tests-bins` and some others.

+

+Binary blobs are bad from an auditability perspective. One could say that "those are just for tests so they don't count", but I am not aware of any distro packaging system that lets one (easily) selectively clone submodules, so in practice they are all present during builds.

+

+Building the test binaries from source would be an obvious idea, but e.g. pulling in the whole gcc repo is probably even less desirable than the current solution, so I see why it's not done.

+

+Ideas for alternatives:

+- Instead of using submodules, manually `git clone --depth 1` the bin repos in the CI.

+- Maybe there is some way to configure `.gitmodules` to not clone these submodules by default with `git clone --recursive`? E.g. not sure if `submodule.<name>.fetchRecurseSubmodules` does that.

+

+In either case, it should be documented which submodules are needed for building FEX and which ones only for the tests (and which tests), currently it's a bit of a guessing game.

+

+Also honorable mention to `Source/Windows/wine_builtin.bin`, but that's small enough to be audited by hand with a hex editor, so it's not a priority. (It's just text with some null bytes afterwards.)
\ No newline at end of file
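Review bot: The new file `results/scraper/fex/4267` ends without a trailing newline (the `\ No newline at end of file` marker after the `wine_builtin.bin` line), so any later append will show up as a modification of that last line instead of a pure addition; please terminate the file with a newline. The title on the first added line ("Don't depend on any binary blobs") also runs straight into the body on the next line with no separator, while the body's own paragraphs are split by empty `+` lines, so a consumer cannot tell title from body without assuming "first line is the title". Consider a blank line or an explicit field marker after the title. Nothing in the 14 added lines records where the text was scraped from either, so a source reference line would make the record traceable.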