Description
The foundations squad has made a concerted effort to update some of our most used packages to use git-checkout over fetch.
Part of what enabled the xz attack is folks' reliance on source distributions. We should be biasing towards git-checkout in as many places as we conceivably can to prepare for a world where we want to analyze the upstream source repository for health indications, and aligning around git-checkout makes this significantly more tractable.
Therefore, we would like the normal checks done (both in the public os and enterprise-packages and extra-packages) as part of the wolfictl lint to also make sure that source code is retrieved via git-checkout instead of fetch.
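A sketch of the kind of check requested above, as an added example that is not wolfictl's own code. It assumes melange-style build files where each pipeline step is declared with a `uses:` key, and it scans lines rather than parsing YAML; `LintFetch`, `Finding` and `Sample` are hypothetical names, and the sample config is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one pipeline step that retrieves source with fetch.
type Finding struct {
	Line int    // 1-based line of the "uses: fetch" step
	URI  string // uri passed to that step, if any
}

var usesRe = regexp.MustCompile(`^(?:-\s+)?uses:\s*["']?([\w./-]+)`)
var uriRe = regexp.MustCompile(`^uri:\s*(\S+)`)

// LintFetch reports each fetch step, including those under subpackages; comment lines are skipped.
func LintFetch(yamlText string) []Finding {
	var out []Finding
	inFetch := false // true while reading the fields of a fetch step
	for i, raw := range strings.Split(yamlText, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "#") {
			continue
		}
		if m := usesRe.FindStringSubmatch(line); m != nil {
			if inFetch = m[1] == "fetch"; inFetch {
				out = append(out, Finding{Line: i + 1})
			}
		} else if strings.HasPrefix(line, "- ") {
			inFetch = false // another step begins
		} else if m := uriRe.FindStringSubmatch(line); m != nil && inFetch {
			out[len(out)-1].URI, inFetch = m[1], false
		}
	}
	return out
}

// Sample is a constructed config: one fetch step, one git-checkout step.
const Sample = "pipeline:\n  - uses: fetch\n    with:\n      uri: https://example.com/src-1.0.tar.gz\n" +
	"subpackages:\n  - name: src-dev\n    pipeline:\n      - uses: git-checkout\n      # - uses: fetch\n"

func main() {
	for _, f := range LintFetch(Sample) {
		fmt.Printf("line %d: fetch of %s; use git-checkout instead\n", f.Line, f.URI)
	}
}
```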