Re: [GR] DD should be allowed to perform binary-only uploads
"Francesco P. Lovergine" <frankie@debian.org> wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
>> On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
>> > The security implications of those practices should be evident to anyone.
>>
>> This is (sorry) bullshit. Binary only uploads are _not_ less secure
>> than binary+source ones. Having a source side by side with the binary
>> module does not give more security than binary-only uploads.
>>
>
> Nice considerations, but I was talking about
> alternative/unofficial/untrustable/whatever-you-prefer
> buildd networks (which was at the origin of current vetoes for some archs).
> So your considerations about binary vs source uploads can be interesting but
> not appropriate for the matter.

I don't get the point. Where's the additional security problem with
alternative/unofficial/untrustable/whatever-you-prefer buildd networks?
I see a technical problem (reproducibility, in particular for
stable-security builds) with binary uploads, but even there I don't see
the difference between binary-only and bin+source uploads.

I guess in the long run, we should establish i386 autobuilders and
either only allow source-only uploads, or require bin+src, but discard
the binary packages. On the social side, the availability of buildd
admins for work and communication needs to be improved, by whatever
measures are appropriate.

Regards, Frank
--
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)