martin f krafft said [Sat, Sep 02, 2006 at 08:42:34AM +0200]:
> thus spoke Russ Allbery <rra@debian.org> [2006.09.02.0141 +0200]:
> > I honestly think the security argument for doing this is silly.
>
> Clients do not want to hear something like that.

Please... Do you mean they trust me (as an unknown person with upload
privileges to Debian) to produce proper sources, but to trojan the
binary packages? Do they think that all of the other DDs (or a
significant number of them anyway) will check my .orig.tar.gz is the
same as upstream's, and that my .diff.gz is sane?

I don't buy that as an argument. I do support rebuilding everything,
to ensure buildability of arch: all packages and to ensure
buildability under the architecture on which arch-dependent packages
were originally built, ensuring dependencies are complete and so on.

Greetings,

--
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF