martin f krafft <[EMAIL PROTECTED]> writes:

> The reason I am pushing for this is because of two of my clients, who
> have been wanting to use Debian for three years now but consciously
> decided against it, because it is not guaranteed that the sources and
> the binaries in our archives correspond for all architectures. They are
> well aware that trojans can still exist, but it's an entirely different
> thing whether they exist in source and hence in all architectures (which
> would result in some serious negative feedback or even revocation of
> upload rights), or just in one of the binaries and hence would be much
> harder to detect/analyse.

I honestly think the security argument for doing this is silly. However, that does not mean I think it's a bad idea. I actually think it's a good idea, but for a somewhat different reason.

Every single time we get ready to release stable, someone builds every package in the distribution and then encounters a bunch of FTBFS errors, particularly for arch: all packages. Many of those errors were always there and were never detected because we don't build arch: all packages anywhere outside the maintainer's system. Similarly, there have been packages in the archive with significantly different configured features and library dependencies on x86 than on any other platform because of where the maintainer built the package.

So I'm not disagreeing with the goal. I just don't like the security argument for it and don't find it persuasive. But I would vote in favor of building all *.debs on central build servers.

(Whether we still require a *.deb during upload is actually a separate question -- I think there's an argument, perhaps not persuasive, in favor of requiring that the upload contain built packages for at least one platform as a basic sanity check but just throwing away that build after verifying it exists.)

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>

