
Re: Re: Architecture independent binaries and building from source



Hi,

Shaun Jackman wrote:
> This allows both redistribution of a pristine upstream binary as well
> as potential modification by the security team.

What worries me here is the wording: "pristine". The other extreme would
be "proprietary" which is also valid. Maybe we are talking about the
difference between "Open Source/Free Software" and "Shared Source".

Your reasoning was about checksumming binaries for comparison with
upstream. Why would someone do this with Debian provided software? If a
user doesn't trust Debian, she simply can't use it. The rest of a Debian
install could do all kinds of evil things, even if the user checked one
upstream binary.

In addition to what has been said, it is common for many people to use
non-free build environments. Not only upstream, but also Debian
maintainers who are surprised when I file FTBFS reports after rebuilding
in a clean (Debian main) environment. By skipping the building from
source code we would hide such problems (which can surface very
annoyingly later for the security team, as Joey mentioned). Providing an
additional debian/rules target that nobody uses (until we have a binding
policy for that) would be hypocrisy.

bye,
  Roland


