Packaging Development Source

[alen.helac]

Hi everyone,

 

Currently, the app/script that packs development source to release source is non-open source. There is thread on GitHub ( https://github.com/revive-adserver/revive-adserver/issues/154 ) where few developers stated that they're aware of this and they plan to rewrite that app/script and release it as open source, but currently they have tasks of higher priority.

 

My question is, does anyone knows what the app/script actually does?

Currently I'm OK with my development source being deployed in production, but I'm not sure if there are any security issues with this.

All informations/thoughts are much appreciated!
 

Alen

[Matteo Beccati]

The closed source ant library takes care of removing unwanted files and regenerating the delivery files. The input for file removal can be found here:

https://github.com/revive-adserver/revive-adserver/blob/master/build-filelist.xml

Actually, regenerating delivery files is taken care via a php script now. That has probably changed years ago without me noticing. So the only task performed by the library is making sure that the package files don't include unwanted files/directories

[alen.helac]

Hi Matteo

My main concearn was if there are any potential security issues, but since it's only removing files I presume that I can rule that out.

Many thanks!

 

All the best

Alen

 

[Matteo Beccati]

Well, the files you're not removing are a potential security issue.