Re: [GR] DD should be allowed to perform binary-only uploads
"Francesco P. Lovergine" <email@example.com> wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
>> On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
>> > The security implications of those practices should be evident to anyone.
>> This is (sorry) bullshit. Binary only uploads are _not_ less secure
>> than binary+source ones. Having a source side by side with the binary
>> module does not give more security than binary-only uploads.
> Nice considerations, but I was talking about
> buildd networks (which was at the origin of current vetoes for some archs).
> So your considerations about binary vs source uploads can be interesting but
> not appropriate for the matter.
I don't get the point. Where's the additional security problem with
alternative/unofficial/untrustable/whatever-you-prefer buildd networks?
I see a technical problem (reproducibility, in particular for
stable-security builds) with binary uploads, but even there I don't see
the difference between binary-only and bin+source uploads.

I guess in the long run, we should establish i386 autobuilders and
either only allow source-only uploads, or require bin+src, but discard
the binary packages. On the social side, the availability of buildd
admins for work and communication needs to be improved, by whatever
measures are appropriate.
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)