Re: Bug#241689: I'm going to NMU this

To: debian-devel@lists.debian.org
Subject: Re: Bug#241689: I'm going to NMU this
From: Andreas Barth <aba@not.so.argh.org>
Date: Tue, 31 Aug 2004 17:32:50 +0200
Message-id: <[🔎] 20040831153250.GA12051@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 87k6vf8jdl.fsf@toncho.dhh.gt.org>
References: <E1C1QyD-00085t-2y@dual> <[🔎] 1093796769.15494.25.camel@descent.netsplit.com> <[🔎] 874qmlhnwq.fsf@mrvn.homelinux.org> <[🔎] 20040829182218.GD20591@bignachos.com> <[🔎] 87r7poeoyf.fsf@mrvn.homelinux.org> <[🔎] 20040831030919.GG458@riva.ucam.org> <[🔎] 20040831102319.GE5479@lukas.schuldei.com> <[🔎] 20040831130326.GK458@riva.ucam.org> <[🔎] 87k6vf8jdl.fsf@toncho.dhh.gt.org>

* John Hasler (john@dhh.gt.org) [040831 16:40]:
> Colin Watson writes:
> > Do you not think it is important for sponsors to verify what they're
> > sponsoring against trojans? How do you propose to verify a lump of binary
> > data you've received?

> By receiving both binary and source, verifying as you would with a full
> upload, and then uploading only the binary?

I would call this naive. For sourcefull sponsoring, you need to
rebuild on your own system, to prevent trojans in the binary. And if
you rebuild, why call it "binary sponsoring" at all then? Just call it
"you were hinted to do a rebuild".

Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

Reply to:

References:
- Re: Bug#241689: I'm going to NMU this
  - From: Scott James Remnant <scott@netsplit.com>
- Re: Bug#241689: I'm going to NMU this
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Bug#241689: I'm going to NMU this
  - From: Brian Nelson <pyro@debian.org>
- Re: Bug#241689: I'm going to NMU this
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Bug#241689: I'm going to NMU this
  - From: Colin Watson <cjwatson@debian.org>
- Re: Bug#241689: I'm going to NMU this
  - From: Andreas Schuldei <andreas@schuldei.org>
- Re: Bug#241689: I'm going to NMU this
  - From: Colin Watson <cjwatson@debian.org>
- Re: Bug#241689: I'm going to NMU this
  - From: John Hasler <john@dhh.gt.org>

Prev by Date: Re: Bug#241689: I'm going to NMU this
Next by Date: Re: Bug#241689: I'm going to NMU this
Previous by thread: Re: Bug#241689: I'm going to NMU this
Next by thread: Re: Bug#241689: I'm going to NMU this
Index(es):
- Date
- Thread