Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED

To: "Roberto S. Galende" <roberto.s.galende@gmail.com>, 827487@bugs.debian.org
Subject: Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
From: Adam Borowski <kilobyte@angband.pl>
Date: Tue, 21 Jun 2016 13:22:15 +0200
Message-id: <[🔎] 20160621112215.GA20636@angband.pl>
Reply-to: Adam Borowski <kilobyte@angband.pl>, 827487@bugs.debian.org
In-reply-to: <[🔎] CACdNo9yK4ry3BqJg09AX+QQmSeWR3zQ2UTPpqHck4M-Er+bBmA@mail.gmail.com>
References: <E1bEu84-0006ES-1V@franck.debian.org> <[🔎] 20160620082811.GA3002@angband.pl> <[🔎] CACdNo9yyyX5wgpLf-gOHC2bsYwfbqxgMDMO5oeh+w=4=P5XSZQ@mail.gmail.com> <[🔎] 20160621003655.GA17648@angband.pl> <[🔎] CACdNo9ybTLJbrswcwwTWY1eQJ2HtGMhxnokTJPDq3O=0pmMyNg@mail.gmail.com> <[🔎] CACdNo9yK4ry3BqJg09AX+QQmSeWR3zQ2UTPpqHck4M-Er+bBmA@mail.gmail.com>

On Tue, Jun 21, 2016 at 09:38:46AM +0200, Roberto S. Galende wrote:
> Hi Adam,
> It appears as just amd64, when it's marked "any", but I don't know if it'll
> be compiled for other architectures or I'm just too impatient :-)

It will, you can watch the current progress, failures and logs at:
https://buildd.debian.org/status/package.php?p=bytes-circle&suite=unstable

Debian is currently moving towards source-only uploads, but at the moment
binaries of at least one architecture are still required for NEW packages. 
This is bad, as I could have snuck some nefarious code through, be it
accidentally (like, via having an experimental or out-of-Debian compiler or
a library installed) or to subvert security.  Sure, it is possible to sneak
something nasty in the source (the Underhanded C Contest has some nice ideas
how, even in face of thorough review) but it's MASSIVELY easier to do it
undetected by uploading a binary that doesn't correspond to the source. 
Thus, you have no assurance bytes-circle:amd64 is untainted.

Any subsequent uploads can be source-only.

Meow!
-- 
An imaginary friend squared is a real enemy.

Reply to:

Follow-Ups:
- Re: Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
  - From: Sean Whitton <spwhitton@spwhitton.name>

References:
- Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
  - From: Adam Borowski <kilobyte@angband.pl>
- Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
  - From: "Roberto S. Galende" <roberto.s.galende@gmail.com>
- Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
  - From: Adam Borowski <kilobyte@angband.pl>
- Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
  - From: "Roberto S. Galende" <roberto.s.galende@gmail.com>
- Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
  - From: "Roberto S. Galende" <roberto.s.galende@gmail.com>

Prev by Date: Bug#827082: RFS: libredjackipset/1.1.1+20150311-1 [ITP] -- C library to store sets/maps of IP address
Next by Date: Bug#827685: RFS: elpa-undo-tree/0.6.4-1 ITP
Previous by thread: Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
Next by thread: Re: Bug#827487: bytes-circle_2.2-1_amd64.changes REJECTED
Index(es):
- Date
- Thread