On Mon, Apr 29, 2013 at 11:25:14AM -0700, Thiago Macieira wrote:
> Adding a random file somewhere *usually* isn't a problem. It is a problem only
> if the presence of a file changes the output of the build. And that's exactly
> what configure.exe and the include/ dir do: they change the output. It's not 
> possible to cryptographically verify them. [...]
> 
> You're going to say: why don't security-conscious people download from Git? I 
> would say that they should. But some people may not be able to access our Git 
> servers from their networks.
> 
even adding these together, i don't see any problem. the ultra-paranoid
ones can simply delete include/ (and configure.exe) from the extracted
source tree, and thus start as if they got the sources from git (as
projected now, they'd need a "git init" to trick the build system into
believing it's a real git build. that could be rectified by adding a
-git-build option to configure).
_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development