[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Results of the meeting in Helsinki about the Vancouver proposal

On 8/22/05, Hamish Moffatt <hamish@debian.org> wrote:
> Really? The maintainer can still embed "rm -rf /" in the postinst either
> way. We need to be able to trust developers.
> Similarly, sponsored packages should be rebuilt because the project
> hasn't decided to official trust those contributors.

But it's far easier to check (audit?) source code then to check binaries.

Reply to: