Re: Using buildds only (was: Results of the meeting...)
Quoting Hamish Moffatt <hamish@debian.org>:
> There is the possibility that developer builds get extra features
> enabled due to other installed libraries etc. This could be checked for
> by analysing the packages files for different architectures or similar.
This is a really nice idea: A DD with a strange sense of humour
could "enable an extra feature" in their binary package, that is
not in the source code - at least not in the uploaded source.
Could be a virus, a Trojan horse, a root kit, a time-bomb. As
>= 95% of our users have i386, it's easy to generate nice damage.
Security-wise, binary uploads are no go.
Cheers, WB
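
The check suggested in the quoted message (comparing the Packages files of different architectures) could look like the following. This is an added example, not part of either email or of any Debian tool: the function names are hypothetical and the two index snippets are constructed sample data. It assumes one index is built from buildd output and the other contains a developer-built binary.

```python
import re

def parse_packages(text):
    """Parse a Debian Packages index into {package name: {field: value}}."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:   # folded continuation line
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, _, val = line.partition(":")  # value may contain ':' (epochs)
                fields[key] = val.strip()
        if "Package" in fields:
            pkgs[fields["Package"]] = fields
    return pkgs

def dep_names(fields):
    """Names in Depends, ignoring version constraints and ':any' qualifiers."""
    names = set()
    for clause in fields.get("Depends", "").split(","):
        for alt in clause.split("|"):
            name = re.sub(r"\(.*?\)", "", alt).strip()
            if name:
                names.add(name.split(":")[0])
    return names

def extra_depends(reference, candidate):
    """Same package and version, but candidate depends on more than reference."""
    findings = {}
    for name, cand in candidate.items():
        ref = reference.get(name)
        if ref is None or ref.get("Version") != cand.get("Version"):
            continue  # only compare builds of the same source version
        extra = dep_names(cand) - dep_names(ref)
        if extra:
            findings[name] = sorted(extra)
    return findings

# Constructed sample data: a buildd-built index and a developer-built index.
BUILDD = """Package: foo
Version: 1.2-3
Depends: libc6 (>= 2.3.2), libssl0.9.7
"""
UPLOAD = """Package: foo
Version: 1.2-3
Depends: libc6 (>= 2.3.2-1),
 libssl0.9.7, libldap2 (>= 2.1.17)
"""
print(extra_depends(parse_packages(BUILDD), parse_packages(UPLOAD)))
```

Some dependency differences between architectures are legitimate, so a finding is a lead for manual review. The comparison only sees declared dependencies and cannot reveal code added to a binary without a new dependency, which is the case the reply is concerned with.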