[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#241689: I'm going to NMU this

* John Hasler wrote:
> Colin Watson writes:
> > Do you not think it is important for sponsors to verify what they're
> > sponsoring against trojans? How do you propose to verify a lump of binary
> > data you've received?
> By receiving both binary and source, verifying as you would with a full
> upload, and then uploading only the binary?

And how do you ensure that the binary is built from the source you received?


PGP-Key: http://www.mmweg.rwth-aachen.de/~sebastian.ley/public.key
Fingerprint: A46A 753F AEDC 2C01 BE6E  F6DB 97E0 3309 9FD6 E3E6

Reply to: