also sprach Thibaut Paumard <thibaut@debian.org> [2012.11.20.1403 +0100]:
> That's why we currently require a binary together with the source. It
> tautologically proves that you successfully built it.
Nope, it does not. It could also prove that you know how to use
changestool to engineer a .changes file combining a source package
with an older DEB file, or even an empty DEB file.
Point being, there is no way to prove that a package builds. And
even if you built it and included it in the upload, you might have
done so on a non-clean chroot or in another whack environment with
e.g. build-dependencies installed without having them listed in
debian/control.
--
.''`. martin f. krafft <madduck@d.o> Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduck http://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
"stab it and steer"
-- sailor
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)