Recompilation of ALL Debian packages ...
I was listening to madduck's presentation for Irish LUG
/technical/martinfkrafft_talk.html) and I was quite shocked to
learn, that not all binary packages are compiled through buildd
network, but that most binary packages (mostly those created on
i386 platform) are uploaded directly by DD.
In bad old days when I was using RedHat I dimly remember that
contributions to contrib/ directory at RedHat.com were allowed
to be only as .src.rpm packages and 386.rpm were immediately
deleted without RH system even thinking about them (through
crontab). Why in the world is this not done Debian is besides me
(actually, I thought, it IS done) -- I don't think there would
be not enough buildd machines with i386, if Debian people would
try to find them.
Madduck pointed me towards older discussion on this issue
May 2004 [!], which is really strange -- everybody agrees that
it is real security issue, that it wouldn't be that difficult to
resolve, but if I am not mistaken, nothing happened so far.
Another comment from that discussion made even more thinking
about this -- somebody mentioned, that of course many DDs are
not compiling their packages in clean chroot. I have always
thought that beauty of the fact (which I believed to be true
then) that everything is recompiled was that all Dependencies
are really tried in the hard way -- in clean chroot. Apparently
this is not the case, and Debian is not that much different than
some more adventurous distributions where dependency hell may
Wouldn't it be sensible to add that line to crontab (e.g., rm -f
$INCOMING_QUEUE/*.deb; we have even advantage over Red Hat, that
we don't have to fiddle with find to delete just binary *.rpm
and preserve *.src.rpm :-)) and to recompile everything?
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC
http://www.ceplovi.cz/matej/blog/, Jabber: firstname.lastname@example.org
23 Marion St. #3, (617) 876-1259, ICQ 132822213
He is a self-made man and worships his creator.
-- John Bright