[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [GR] DD should be allowed to perform binary-only uploads

On Fri, Feb 09, 2007 at 03:55:32PM +0100, Francesco P. Lovergine wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
> > On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> > > The security implications of those practices should be evident to anyone. 
> > 
> >   This is (sorry) bullshit. Binary only uploads are _not_ less secure
> > than binary+source ones. Having a source side by side with the binary
> > module does not give more security than binary-only uploads.
> > 
> Nice considerations, but I was talking about 
> alternative/unofficial/untrastable/whatever-you-prefer 
> buildd networks (which was at the origin of current vetos for some archs). 
> So your considerations about binary vs source uploads can be interesting but 
> not appropriate for the matter.

  I also addressed that part in my mail. The arguments I've read against
"rogue" buildds are threefold:
  * security (I _really_ think it's nonsense, as it's not less secure
    than the usual DD's uploads, which I tried to prove) ;
  * the buildd log problem : it's not a technical problem, as it was
    allowed in the past (I'm not even sure it's disabled either in fact);
  * the resource waste wrt wanna-build : here solutions could be found

  I've heard nothing else that would be a technical problem with binary
only uploads (those beeing issued on a seldom or a regular basis does
not really matters[0])

  I may be unaware of other arguments, but I've seen none convincing
enough so far.

  Note that I'm not advocating "rogue" buildd networks either, but I see
no valid reasons for building buildd hosts being so hard.

  [0] in fact I'd even say that if it's done at the "industrial" scale,
      there is a lot of chances the person doing it has built an
      automatized system based on sbuild or another very used system
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgprpkaPxJpbd.pgp
Description: PGP signature

Reply to: