Re: lib-openxml-java is precompiled only: is this a bug?
>>"Fabrizio" == Fabrizio Polacco <fpolacco@debian.org> writes:
Fabrizio> Hi, I was examining other's java packages searching for
Fabrizio> ideas when I noticed that this package has sources, but
Fabrizio> they are not used to produce the binary package; a
Fabrizio> precompiled stuff, also included in the original package,
Fabrizio> is copyed into the binary. That's it.
Fabrizio> I felt this was a grave omission, and I was going to raise a bug ...
Fabrizio> ... but I wasn't able to find a place where this behaviour is
Fabrizio> sanctioned.
Fabrizio> can someone help me?
Hmm. In general, I think I would prefer to have code
recompiled by the maintainer (and hence, by apt-get source -b)
locally -- this prevents a binary only trojan attack, for one.
Also, this should be mandatory for packages that build on
multiple architectures (which may not be the case here, since this is
java).
Should policy explicitly deprecate this methodology? I am
inclined to think so, but I'm willing to be taught the error of my
ways.
manoj
--
All who joy would win Must share it -- Happiness was born a
twin. Lord Byron
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: