
Re: Discarding uploaded binary packages



On Wed, Oct 17, 2012 at 4:55 PM, Bernhard R. Link wrote:
> * Michael Gilbert <mgilbert@debian.org> [121017 22:19]:
>> Anyway, reading again, I'm not sure that your reply actually considers
>> build path sanitization problems, which is what my statement was
>> about.
>
> I'm stating that doing all the builds on buildds will not avoid the
> need to fix the package.

Ubuntu chose to come to that conclusion on this issue.

> (Unless you are arguing that people locally
> modifying their packages are supposed to get security problems).

That is true: if there is a build path sanitization issue, then if the
user chooses to rebuild the package they will get their own rogue
paths.  So, yes, we should always fix those issues when they're found,
but at least for people using buildd'd packages, it's less of a
problem.

Best wishes,
Mike

