Hi list,

I was wondering how it works for binary packages when they are compiled:

Are all binary packages compiled on Gentoo infrastructure after a source upload from the maintainer, or are there any binary packages compiled on maintainers' computers and then uploaded to Gentoo infra?

In fact, we had lots of trolls^W discussions about this point with friends and colleagues who use other distros. And there is a security question: do we allow uploads from developers without being sure the binary comes from the corresponding sources? (the maintainer may be malicious, or his computer may be compromised)

The « binary upload » practice is very common in other distro communities such as Debian. Therefore I would like to know if we also have this flaw in Gentoo. (and what you think about it)

Thank you,
JC