On Fri, Feb 09, 2007 at 03:55:32PM +0100, Francesco P. Lovergine wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
> > On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> > > The security implications of those practices should be evident to anyone.
> >
> > This is (sorry) bullshit. Binary only uploads are _not_ less secure
> > than binary+source ones. Having a source side by side with the binary
> > module does not give more security than binary-only uploads.
> >
>
> Nice considerations, but I was talking about
> alternative/unofficial/untrustable/whatever-you-prefer
> buildd networks (which was at the origin of current vetoes for some archs).
> So your considerations about binary vs source uploads can be interesting but
> not appropriate for the matter.

I also addressed that part in my mail. The arguments I've read against
"rogue" buildds are threefold:

  * security (I _really_ think it's nonsense, as it's not less secure
    than the usual DD's uploads, which I tried to prove);
  * the buildd log problem: it's not a technical problem, as it was
    allowed in the past (I'm not even sure it's disabled either in fact);
  * the resource waste wrt wanna-build: here solutions could be found
    easily.

I've heard nothing else that would be a technical problem with binary
only uploads (those being issued on a seldom or a regular basis does
not really matter[0])

I may be unaware of other arguments, but I've seen none convincing
enough so far.

Note that I'm not advocating "rogue" buildd networks either, but I see
no valid reasons for building buildd hosts being so hard.

[0] in fact I'd even say that if it's done at the "industrial" scale,
    there is a lot of chances the person doing it has built an
    automatized system based on sbuild or another very used system
    anyway.
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org