[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages removed from frozen

>>"Marcus" == Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:

 Marcus> On Mon, Feb 07, 2000 at 10:20:20PM -0600, Manoj Srivastava wrote:
 >> gcc would be something that I would be willing to give special
 >> dispensation for - espescially since I know it tests itself on
 >> passes 2 and 3. Gcc is, therefore, part of the set of packages we
 >> call build essentials.
 >> However, this is not a dispensation that should be lightly
 >> given. Bootstrapping from scratch should be kept to a bare minimum of
 >> preinstalled packages -- the build essentials.

 Marcus> Sounds easy, but it isn't, unfortunately.  There are not only
 Marcus> packages that build-depend on themselves (as compilers),
 Marcus> there are lots of other packages which can't be bootstrapped
 Marcus> within Debian because of longer cycles.

        Fairwnough. But you realize that these packages can't be
 audited by just looking at teh source code -- trojans may be
 propogated unbeknownst to the developers.

        I would suggest we document these packages (hence the
 requirement for dispensation -- that way we can be sure all these
 packages are indeed recoreded).
 Marcus> I am all for working out loops and trying to find ways out of them, but
 Marcus> getting anal over this is not going to work for the next time.

        Depends on what you mean by going anal. I think we should be
 very anal about recording every one of these security risks. Any less
 would be a disservice to our users.

 A sad spectacle.  If they be inhabited, what a scope for misery and
 folly. If they be not inhabited, what a waste of space. Thomas
 Carlyle, looking at the stars
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: