On Fri, Feb 09, 2007 at 03:55:32PM +0100, Francesco P. Lovergine wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
> > On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> > > The security implications of those practices should be evident to anyone.
> >
> > This is (sorry) bullshit. Binary only uploads are _not_ less secure
> > than binary+source ones. Having a source side by side with the binary
> > module does not give more security than binary-only uploads.
> >
>
> Nice considerations, but I was talking about
> alternative/unofficial/untrustable/whatever-you-prefer
> buildd networks (which was at the origin of current vetoes for some archs).
> So your considerations about binary vs source uploads can be interesting but
> not appropriate for the matter.

I also addressed that part in my mail. The arguments I've read against
"rogue" buildds are threefold:

  * security (I _really_ think it's nonsense, as it's not less secure
    than the usual DD's uploads, which I tried to prove);
  * the buildd log problem: it's not a technical problem, as it was
    allowed in the past (I'm not even sure it's disabled either in fact);
  * the resource waste wrt wanna-build: here solutions could be found
    easily.

I've heard nothing else that would be a technical problem with binary
only uploads (those being issued on a seldom or a regular basis does not
really matter[0]).

I may be unaware of other arguments, but I've seen none convincing
enough so far. Note that I'm not advocating "rogue" buildd networks
either, but I see no valid reasons for building buildd hosts being so
hard.

[0] in fact I'd even say that if it's done at the "industrial" scale,
    there is a lot of chances the person doing it has built an
    automatized system based on sbuild or another very used system
    anyway.

--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org