Checksums Versus Sidecache for Build Image dependencies
Summary
For Cloud Native GitLab, we are validating tarballs when we download to build from source; same thing in Omnibus.
We need to determine our validation method for the build containers.
Background
I provided two options in a conversation in !195 (merged)
- We use a side cache repository, same as we use for Omnibus components, and and update those as needed and pull
- We download from upstream every time and use CHECKSUM validation
Expected outcomes
- We decide the path to validate our built-from-source items in the build containers
- We open the proper issues to track the work once we agree on a path