Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
>>>>> "Colin" == Colin Watson <cjwatson@debian.org> writes:
Colin> On Thu, Feb 13, 2014 at 07:46:53PM +0100, Jakub Wilk wrote:
>> *shrug* It's not like it's difficult to hide malicious code in
>> source packages.
>>
>> How many configure scripts that we never rebuild from source
>> contains trojans?
Colin> Just like my favourite Russ quote:
Colin> Basically, people got tired of portability problems in
Colin> building shared libraries so they hid them all inside a
Colin> multi-thousand line shell script where no one can ever find
Colin> them because everyone who tries goes blind. -- Russ Allbery
I assure you, that even if you get past the being blind bit, it's still
impossible to figure out what's going on.
Reply to: