[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Architecture independent binaries and building from source

Well said.

On Tue, Aug 10, 2004 at 05:55:40PM -0700, Shaun Jackman wrote:
> On Tue August 10, 2004 13h14, Martin Schulze wrote:
> > Roland Stigge wrote:

> > 
> > Hence, please don't do that, but compile it from the provided source,
> > always.
> > 
> > Regards,
> > 
> > 	Joey
> > 
> The build system can function much like automake does. Makefile.in is
> not usually regenerated from Makefile.am. If Makefile.in is removed it
> will be regenerated. Likewise, the build system could typically
> redistribute upstream's derivative form. If the security team finds it
> necessary to patch the source, simply removing upstream's binary will
> cause it to be rebuilt. This allows both redistribution of a pristine
> upstream binary as well as potential modification by the security
> team.

In summary, Debian must provide a way to easily regenerate from "source"
(aka preferred form).  This might be in the form of a debian/rules

Once that's done, I think distribution of upstreams binaries aka
derivitive forms is okay.  Indeed, in the case of java, I don't think it
will matter 0.02 worth who compiles it.  Java is reverse compilable, so
I think the bytecode will be the same either way.  Can someone confirm
this?  Then, it'd be nice if we could allow for upstream binaries to be
left alone, as long as developers have confirmed that their bytecode is
the same as upstream's.

Then, the regenerate-bytecode: target doesn't need to get called during
a debuild session (because the "source" is usually unchanged).  But it
must work, such that easy modifications are possible, in the case of eg.
a security hole.


Attachment: signature.asc
Description: Digital signature

Reply to: