[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPL-licensed software linked against libssl on buildds!

On Tue, Jan 19, 2010 at 03:40:22PM -0800, Russ Allbery wrote:
> Lucas Nussbaum <lucas@lucas-nussbaum.net> writes:
> > On 19/01/10 at 14:36 -0800, Russ Allbery wrote:
> 
> >> Well, I would argue that proper package builds in dirty environments is
> >> something we want in Debian anyway, and while this isn't the ideal
> >> method to find it, it would be a bug regardless of how the buildds
> >> worked.
> 
> > Why would we want that?
> 
> > I mean, it's very difficult to guarantee that packages build correctly
> > in dirty envs. I don't really see the point of enforcing that when we
> > have the technology (pbuilder, sbuild + lvm snapshots) there to ignore
> > that problem.
> 
> Because we want our users to be able to patch and rebuild our software to
> suit their needs.  Asking them to set up a chroot build environment is
> asking quite a lot.

That is certainly a good goal, but I think it should be done outside the
scope of autobuilding, where we want clean, reproducable builds.

Something like an occasional archive-wide rebuild using a specially
prepared, overly-tainted (with -dev libraries) chroot and comparing to a
second run with clean chroot would be more worthwhile I think (albeit more work
as well).


Michael
Reply to: