[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Recompilation of ALL Debian packages ...

martin f krafft dijo [Sat, Sep 02, 2006 at 08:42:34AM +0200]:
> also sprach Russ Allbery <rra@debian.org> [2006.09.02.0141 +0200]:
> > I honestly think the security argument for doing this is silly.
> Clients do not want to hear something like that.

Please... Do you mean they trust me (as an unknown person with upload
privileges to Debian) to produce proper sources, but to trojan the
binary packages? Do they think that all of the other DDs (or a
significant number of them anyway) will check my .orig.tar.gz is the
same as upstream's, and that my .diff.gz is sane?

I don't buy that as an argument. I do support rebuilding everything,
to ensure buildability of arch: all packages and to ensure
buildability under the architecture on which arch-dependent packages
were originally built, ensuring dependencies are complete and so.


Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Attachment: signature.asc
Description: Digital signature

Reply to: