[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition

No kidding!

How many uploaded binaries might include malware?

A lack of binary determinism in the build process basically ensures
that it isn't feasible to discover an answer to this question. :(

All the best,

On 2/13/14, Holger Levsen <holger@layer-acht.org> wrote:
> Hi,
> On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
>> this is just a pledge to you all fellow debian developers to update your
>> build environment before you build a package.
> I want all binary packages to be rebuild on *.debian.org hosts. Everything
> else is just an ugly workaround.
> amen,
> 	Holger
> P.S.: and reproducible builds after that, then...

Reply to: