-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 12/28/2015 07:33 PM, Michał Górny wrote: > On Mon, 28 Dec 2015 21:24:14 +0300 [email protected] wrote: > >> I’m suffering from the fact that users can distinguish packages >> containing binaries just by eye. There is no mechanism to >> allow/ignore such packages. For license restrictions we have >> ‘package.license/’ whitelist. >>
.. > > And you already covered here how different the notion of 'binary' > (or rather, 'pre-built') can be. There could be pre-built stuff > that is arch-specific or otherwise of limited portability. There > could be pre-built stuff that is portable. There could be pre-built > stuff whose rebuilding isn't really meaningful at all. Sure it is, at least a reproducable build in order to compare and ensure no malware being installed. I'm reading this more from a security point of view than performance, and the question makes perfect sense. - -- Kristian Fiskerstrand Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJWg8pgAAoJECULev7WN52FTnYIAJoUrTdQCH4FkfvGR1HLIS0B SBg/GymkzWsWh0v2iTpW1RSG8R1fFbZn1sZwyKve5GOW+WaxQz5a5P731UiB5h5I cHiy9FfoCSpDadNqIVhyx+NMB10W1yiPoe7sea98ZtYsAWlrpAEbfHtvHVcfveNg HuxjAKu1cLil9XdZ9GHSMpEPcgq0LoKY2q3Mrq/J+XwUs1akSOa2NrX9QFSdpmJA hbustOWRqqLWkCXrDwau19J1LuM8HPFoiviA00qGmvOtp+RcZT+1NuHRYFCR4wI9 W9eYj8zWs/HzcubmheuY0Mk6D3Jkp1nxrsgvq9uceXTZ0TUqqD3JZzWUX/vIV2k= =vjF1 -----END PGP SIGNATURE-----
