[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gnome-swallow_1.2-2_source.changes REJECTED

On Sat, 12 Nov 2005 02:29:56 +0100, Pierre THIERRY <nowhere.man@levallois.eu.org> said: 

> Scribit Josselin Mouette dies 10/11/2005 hora 22:45:
>> Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
>> > Rejected: source only uploads are not supported.
>> I can't see the rationale for rejecting source uploads, and they
>> used to be accepted in the past.

> And I see a rationale for allowing them: what prevents a DD to
> upload binaries that include exploits or some trojan code, along
> with a clean source?

> Isn't a buildd compilation more secure WRT this issue? (I don't try
> to say it's perfectly secure, I think admins of the buildd could do
> the trick also...)

        Of Robert Pike C compiler trojan trick ...

        You gotta start trusting somewhere. Our web of trust starts
 with the Developers in the keyring, we trust these people not to muck
 with the binaries.

        manoj
-- 
The more the change, the more it is the same thing.  -- Alphonse Karr
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
Reply to: