[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages removed from frozen

On 09-Feb-2000, David Starner <dvdeug@x8b4e53cd.dhcp.okstate.edu> wrote:
> Furthermore, since it sounds like you have more objections to the
> bootstrapping than just security, would it help to include intermediate
> source code in the source package? I.e. the C code resulting from oo2c
> being run over itself, or the assembly code from gcc or GNAT being run
> over itself?

Many of these sytems can be compiled to an intermediate language (e.g.
C) which could be inspected if you wanted to.  Then you just have to
decide whether you trust the C compiler.

Of course, I pity you greatly if you try to audit the code output by
the Mercury compiler ;-)

Including the .c files in the .orig.tar.gz is a *real* pain however.
Making minor changes to the original source can lead to huge blowouts
in the .diff.gz file, and it is very difficult for maintainers to make
small changes.

As long as the package is capable of generating an intermediate language
representation, it should be fine -- anyone who wants to can compile to
the intermediate representation, and then inspect the output files for
as long as they like before they compile to the binary.

The quantum sort: 
	while (!sorted) { do_nothing(); }
Tyson Dowd   <tyson@tyse.net>   http://tyse.net/

Reply to: