On 14/01/2013 22:44, n j wrote:
> One thing to think about would be the option of port maintainers uploading
> the pre-compiled package of the updated port (or if the size of the upload
> is an issue then just the hash signature of the valid package archive so
> other people with more bandwidth can upload it) to help the package
> building cluster (at least for mainstream architectures). The idea behind
> it being that the port maintainer has to compile the port anyway and pkg
> create is not a big overhead. The result would be a sort of distributed
> package building solution.
Sorry. Distributed package building like this is never going to be
acceptable. Too much scope for anyone to introduce trojans into
packages. Building packages securely is a very big deal, and as recent
events have shown, you can't take any chances.
Cheers,
Matthew
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
