
Re: Discarding uploaded binary packages




On 16 Oct 2012 04:59, "Michael Gilbert" <mgilbert@debian.org> wrote:
>
> I know this subject has been discussed on and off in the past, but
> there's new evidence that it's simply the right thing to do.
>
> Due to changes in upstream's build system, isc-dhcp recently started
> including build system paths in dhclient's search path.  This got a
> security identifier, and we've fixed it, but really the only
> architecture affected was the one I built and uploaded.  All of the
> packages built on the buildds were not since the PATH was something in
> /build vs. a home dir.  Also, Ubuntu was not affected since all of
> their packages go through their buildds.  Details in:
> http://bugs.debian.org/690532
>
> Anyway, all of these build system path sanitization issues can be
> eliminated by using the buildds for all architectures, since paths
> will start with at least /build that requires root-level action to
> exist on users' systems.
>
> So, are we ready to do this?
+1  ;-)

I agree with this. We face some cases where delivered binaries have issues related to the build context. Though most should be discovered by maintainer testing before upload, it would be more valid with a complete rebuild.

This is my opinion but I admit I have not followed previous discussions on the subject...
>
> Best wishes,
> Mike
>
>
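A post-build check for the kind of leak described in the quoted message, as an added example that is not part of the original thread: it scans a binary's printable strings for colon-separated search paths and reports entries outside a fixed set of system directories. The trusted-directory list, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Assumed allow-list: directories a packaged binary may legitimately search.
TRUSTED_DIRS = {
    "/usr/local/sbin", "/usr/local/bin",
    "/usr/sbin", "/usr/bin", "/sbin", "/bin",
}

# Printable ASCII runs of at least 6 bytes, similar to what strings(1) reports.
_PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# Optional leading "NAME=" as in an embedded "PATH=/sbin:/bin" literal.
_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def search_path_strings(blob):
    """Yield printable strings that look like colon-separated search paths."""
    for match in _PRINTABLE.finditer(blob):
        text = _ASSIGNMENT.sub("", match.group().decode("ascii"))
        parts = text.split(":")
        # A search path has at least two entries, all of them absolute.
        if len(parts) >= 2 and all(p.startswith("/") for p in parts):
            yield text


def untrusted_entries(blob):
    """Return the sorted search-path entries that are not in TRUSTED_DIRS."""
    found = set()
    for text in search_path_strings(blob):
        for entry in text.split(":"):
            if (entry.rstrip("/") or "/") not in TRUSTED_DIRS:
                found.add(entry)
    return sorted(found)


# Constructed sample data (not taken from any real package).
CLEAN = b"\x7fELF\x00\x01PATH=\x00/usr/sbin:/usr/bin:/sbin:/bin\x00"
LEAKY = b"\x7fELF\x00/home/builder/src/dhcp/sbin:/usr/sbin:/usr/bin:/sbin:/bin\x00exec\x00"
BUILDD = b"\x00PATH=/build/pkg-x/sbin:/sbin:/bin\x00"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("leaky", LEAKY), ("buildd", BUILDD)):
        print(name, untrusted_entries(blob))
```

Run against the files of a freshly built package, any reported entry is a directory the program would search that the package itself does not ship or control.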

