On Wed, Nov 28, 2018 at 07:52:08AM +0500, Alexander E. Patrakov wrote: > As long as there is one Debian Developer (or any other person who has the > right to upload binary packages) who has a merged /usr on his system used > for building packages, there is a risk of reintroducing the bug through his > package. Maybe we should somehow, in the short term, modify dpkg to add > something like "Tainted-By: usr-merge" control field to all binary packages > produced, if a package is built on a system with merged /usr (detected via > /bin being a symlink). And a corresponding automatic check that would > auto-reject binary packages with any Tainted-By control field from being > uploaded to the Debian archive. Tainted-By: built-not-on-buildd please. At the very least Tainted-By: built-not-in-clean-uptodate-sid-chroot. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature