[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Raising the severity of reproduciblity issues to "important"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 24/08/15 22:02, Vincent Bernat wrote:

> We have pushed other archive-wide goals that were not shared by
> all upstreams. For example, we have enabled hardening build flags
> on almost all packages and for packages that don't obey to the
> appropriate flags, bugs with severity "important" were filed.
> That's not that different of a reproducible build.

Sorry, but it's a *completely* different situation. The hardening
initiative made applications more secure and tamper resistant. The r-b
changes do nothing useful post-build.

Colin

- -- 
Colin Tuckley      |  +44(0)1223 830814  |  PGP/GnuPG Key Id
Debian Developer   |  +44(0)7799 143369  |     0x38C9D903

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV240FAAoJEPoMQQc4ydkDHmsP/R5evll9FAHE6luNzgU7dzuS
mF0/J4jdqi9TLBZ3IbrLFEBdOM2ojgfRnW+QMBMc5CSorbidSSsHcXg50/1rdImQ
X5/EVBa33YafGDEWg26HZnB1I0NAsLbiNVtafDs2KFrSrC0DomsVyveOr82HhoUD
BRzYE5eiOpovITKgkIcNLoa20COYiuW3BQvFK5rTHFmAw3jL70GdTd3j/1qlXg5p
dVDUo8vtcJeh0ReQg3j4oVEquCINEayktl//Gxh826urB5Xha+UbRzlucsq1XiUd
T1gZFDfvBisSTQtfixUeweQFGBnp6lG7Igy289GMQ+2GVY3q+vhQIP+Gbd5yLMFk
c2JFNuy6iGIb53qZYOF/BaOSHTiSD7Sfwy1f4CgqXTQeHl+gjG+yDQTSHP8sCaf5
iaz3wwxB0ERaQpwQ6FM7tINfdmEIocxcukcNw62hhvlpszerF1Td+V1wY3Eh9DGh
wHKETWBHZZFGlZVKMorSO0hjskfWiBc95/o65KLeuFeiNDFV0HSf0prvSW3Frk6p
dvIFPmSX/qYZeOqK/rjTURNBaVyB9dysKJ2BsoCq6yPJ3sOxGWtJjyp9kPPWZrJV
Eq97SxHvI6uv/Le86FZCygb8Fbm6yqdcNVuCI7lxJki8zpfwccQtg4IifwJHpwCK
80Tbq5VtQ8kcodoJxTeE
=XGSt
-----END PGP SIGNATURE-----
Reply to: