On Sat, Feb 10, 2007, Julien Cristau <jcristau@tifnc.org> wrote:
> On Fri, Feb 9, 2007 at 17:17:10 +0100, Michael Banck wrote:
> > Maybe "security" in this context means "build can be reproduced by our
> > official buildd network and we are therefore sure our security team can
> > issue security updates for this package using said network".
> >
> Nobody said bin-only uploads were secure, only that they aren't less
> secure than bin+source uploads, which is also true for your definition
> of "security".

Well, strictly speaking he has a point. I suppose we can assert for the
sake of the discussion that every DSA-handled machine has a quite similar
environment, and that we cannot be sure about that for other envs. But
that would be true for the Maintainer machine as well, and we come back to
the long-running-gag^H^H^Hdiscussion about source-only uploads (or uploads
where the binary part is always rebuilt, which is almost equivalent).

--
·O·  Pierre Habouzit
··O  madcoder@debian.org
OOO  http://www.madism.org