On 10/17/2016 01:43 AM, Ian Stakenvicius wrote:
> 
> There is also no particular policy that I am aware of for ensuring
> packages are designed to be built from source first and foremost.

If all you're looking for is something to cite, then binary packages run
afoul of most of our existing QA and security guidelines:

  * There are no USE flags to govern optional dependencies.

  * CFLAGS, LDFLAGS, etc. are not respected.

  * Certain compiler features (for example, stack-smashing protection)
    are sidestepped.

  * Dependencies are bundled or statically linked.

