Re: Circular build dependency in maven-plugin-tools

To: "Vincent Fourmond" <fourmond@gmail.com>
Cc: "Torsten Werner" <mail.twerner@googlemail.com>, "Debian Java List" <debian-java@lists.debian.org>
Subject: Re: Circular build dependency in maven-plugin-tools
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 08 Jan 2009 13:34:10 +0100
Message-id: <[🔎] 874p0a9dtp.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 2e474d6f0901080212w47a00167vae6f58c6fa1d1af8@mail.gmail.com> (Vincent Fourmond's message of "Thu, 8 Jan 2009 11:12:10 +0100")
References: <[🔎] c9c316090901071344t64552d73p574dc65196e61a2e@mail.gmail.com> <[🔎] a90bfcf0901071428j16b71b0fq7ea8b1684f1bd78d@mail.gmail.com> <[🔎] c9c316090901072152x328bcd5an2622acf03ba7f0d9@mail.gmail.com> <[🔎] a90bfcf0901080051v299a61f0m37bf8724e7b98e17@mail.gmail.com> <[🔎] 2e474d6f0901080119v69534728kf41688d8b542075e@mail.gmail.com> <[🔎] a90bfcf0901080127j7b2ab767idacc072a105c5293@mail.gmail.com> <[🔎] 2e474d6f0901080212w47a00167vae6f58c6fa1d1af8@mail.gmail.com>

* Vincent Fourmond:

>   Imagine there is a huge security hole in this package. Do you really
> think the security team will want to use the *problematic* package to
> build a *clean* one ?

The machines we use for building have no untrusted local users, and
only restricted networking.

Of course, we still lose if it is genuinely backdoored, but this
totally unrelated to the circular build dependency.

And from a DFSG compliance perspective, I prefer a circular build
dependency over bootstrapping from a blob in the source package.

Reply to:

References:
- Circular build dependency in maven-plugin-tools
  - From: "Onkar Shinde" <onkarshinde@gmail.com>
- Re: Circular build dependency in maven-plugin-tools
  - From: "Torsten Werner" <mail.twerner@googlemail.com>
- Re: Circular build dependency in maven-plugin-tools
  - From: "Onkar Shinde" <onkarshinde@gmail.com>
- Re: Circular build dependency in maven-plugin-tools
  - From: "Torsten Werner" <mail.twerner@googlemail.com>
- Re: Circular build dependency in maven-plugin-tools
  - From: "Vincent Fourmond" <fourmond@gmail.com>
- Re: Circular build dependency in maven-plugin-tools
  - From: "Torsten Werner" <mail.twerner@googlemail.com>
- Re: Circular build dependency in maven-plugin-tools
  - From: "Vincent Fourmond" <fourmond@gmail.com>

Prev by Date: Re: Circular build dependency in maven-plugin-tools
Next by Date: RFS: electric 8.08-1
Previous by thread: Re: Circular build dependency in maven-plugin-tools
Next by thread: RFS: electric 8.08-1
Index(es):
- Date
- Thread