On Fri, Feb 09, 2007 at 03:55:32PM +0100, Francesco P. Lovergine wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
> > On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> > > The security implications of those practices should be evident to anyone.
> >
> > This is (sorry) bullshit. Binary only uploads are _not_ less secure
> > than binary+source ones. Having a source side by side with the binary
> > module does not give more security than binary-only uploads.
> >
>
> Nice considerations, but I was talking about
> alternative/unofficial/untrustable/whatever-you-prefer
> buildd networks (which was at the origin of current vetoes for some archs).
> So your considerations about binary vs source uploads can be interesting but
> not appropriate for the matter.

I also addressed that part in my mail. The arguments I've read against
"rogue" buildds are threefold:

  * security (I _really_ think it's nonsense, as it's not less secure
    than the usual DD's uploads, which I tried to prove);
  * the buildd log problem: it's not a technical problem, as it was
    allowed in the past (I'm not even sure it's disabled either in fact);
  * the resource waste wrt wanna-build: here solutions could be found
    easily.

I've heard nothing else that would be a technical problem with binary
only uploads (those being issued on a seldom or a regular basis does
not really matter[0]).

I may be unaware of other arguments, but I've seen none convincing
enough so far.

Note that I'm not advocating "rogue" buildd networks either, but I see
no valid reasons for building buildd hosts being so hard.

[0] in fact I'd even say that if it's done at the "industrial" scale,
    there is a good chance the person doing it has built an
    automatized system based on sbuild or another very used system
    anyway.
--
·O· Pierre Habouzit
··O [EMAIL PROTECTED]
OOO http://www.madism.org

