martin f krafft wrote:

> also sprach Russ Allbery <[EMAIL PROTECTED]> [2006.09.01.0241 +0200]:
>> Rebuilding every package really doesn't buy you that much in the
>> way of security.
>
> This is arguable and I don't want to go there. The reason I am
> pushing for this is because of two of my clients, who have been
> wanting to use Debian for three years now but consciously decided
> against it, because it is not guaranteed that the sources and the
> binaries in our archives correspond for all architectures. They are
> well aware that trojans can still exist, but it's an entirely
> different thing whether they exist in source and hence in all
> architectures (which would result in some serious negative feedback
> or even revocation of upload rights), or just in one of the binaries
> and hence would be much harder to detect/analyse.
How big are your clients? If they're good-sized companies with a spare computer, they can compile all the packages they use locally from Debian source with not *too* much work.

-- 
Nathanael Nerode <[EMAIL PROTECTED]>
Bush admitted to violating FISA and said he was proud of it. So why isn't he in prison yet?...

