
Re: Meaning of the "Altering package upload rules"



On Wed, Feb 13, 2008 at 07:14:21PM +0100, Raphael Hertzog wrote:
> That said, there are good reasons why one shouldn't do (massive)
> binary-uploads (reproducibility of builds on official buildd => important
> for the security team which will have to make builds of packages on the
> official buildd during lifetime of the stable release, availability of
> logs in buildd.debian.org).

The architecture for which a DD is initially uploading a package is
already lacking a build log on buildd.debian.org and the corresponding
build has no guarantee to be reproducible.

So if these are good arguments for not doing (massive) binary uploads,
they are also good arguments for not allowing binary-uploads at all
(thousands of DDs making binary uploads are hardly worse than 1 DD doing
massive binary uploads). Or, if you prefer, they are good arguments for
throwing away the .debs uploaded by DDs and rebuilding them from
scratch.

SCNR, really.

-- 
Stefano Zacchiroli -*- PhD in Computer Science ............... now what?
zack@{upsilon.cc,cs.unibo.it,debian.org}  -<%>-  http://upsilon.cc/zack/
(15:56:48)  Zack: e la demo dema ?    /\    All one has to do is hit the
(15:57:15)  Bac: no, la demo scema    \/    right keys at the right time
