Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition

To: debian-devel@lists.debian.org
Subject: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
From: Sam Hartman <hartmans@debian.org>
Date: Thu, 13 Feb 2014 21:38:35 +0000
Message-id: <[🔎] 000001442d2fdd79-9235a03c-59d2-426a-9e7f-767912027c43-000000@email.amazonses.com>
In-reply-to: <[🔎] 20140213211244.GA31976@riva.ucam.org> (Colin Watson's message of "Thu, 13 Feb 2014 21:12:44 +0000")
References: <[🔎] 1392295131.23481.82943513.2A8023E7@webmail.messagingengine.com> <[🔎] 201402131713.36134.holger@layer-acht.org> <[🔎] CAFggDF1iGi23FAhWHsSWhSAcE1XSVViWNOb+i5n+SkYH4bq3_A@mail.gmail.com> <[🔎] 20140213184653.GA5700@jwilk.net> <[🔎] 20140213211244.GA31976@riva.ucam.org>

>>>>> "Colin" == Colin Watson <cjwatson@debian.org> writes:

    Colin> On Thu, Feb 13, 2014 at 07:46:53PM +0100, Jakub Wilk wrote:
    >> *shrug* It's not like it's difficult to hide malicious code in
    >> source packages.
    >> 
    >> How many configure scripts that we never rebuild from source
    >> contains trojans?

    Colin> Just like my favourite Russ quote:

    Colin>   Basically, people got tired of portability problems in
    Colin> building shared libraries so they hid them all inside a
    Colin> multi-thousand line shell script where no one can ever find
    Colin> them because everyone who tries goes blind.  -- Russ Allbery

I assure you, that even if you get past the being blind bit, it's still
impossible to figure out what's going on.

Reply to:

Follow-Ups:
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Thorsten Glaser <t.glaser@tarent.de>

References:
- Please upgrade your build environment when you are affected by transition
  - From: Ondřej Surý <ondrej@sury.org>
- when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Holger Levsen <holger@layer-acht.org>
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Jacob Appelbaum <jacob@appelbaum.net>
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Jakub Wilk <jwilk@debian.org>
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
Next by Date: Re: FFmpeg vs. libav packaging (was Re: Proposal: SystemD.pushers/forcers, et cetera)
Previous by thread: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
Next by thread: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
Index(es):
- Date
- Thread