Luis de Bethencourt wrote: > On Tue, Nov 18, 2008 at 11:07 PM, Shawn Walker <[EMAIL PROTECTED]> wrote: >> Luis de Bethencourt wrote: >>> That said, we shouldn't accept binary built in an untrust worthy >>> machine. The process we define has to make submissions be built in our >>> controled systems. How Launchpad works. >> Being aware that a "trustworthy machine" is highly dependent upon the >> machine, the person using it, and so forth. >> >> Again, don't forget the exception cases. >> >> I don't think anyone here is suggesting that only certain people can >> build software. >> >> If we are, that's sort of silly, since we can't distribute the workload >> if we do that.
> Can you define distribute the workload? I'm not talking about the CPU compilation, etc. I'm talking about "people resources" needed to re-do work that's already been done. Hence my reference to certain people doing the build. For example, if someone contributing a package has been trusted with access to a build system, they should be able to build it on that system and publish it with approval instead of someone else having to do so. > As far as I know all Linux distros have a build machine in the > official repo (the one that gets mirrored) and nobody complains. I > wouldn't trust a deb package built by someone I don't know and that I > can't check the sources. The exception to this is gentoo, which makes > the users be their own build systems in most of the cases. But you are trusting people you don't know and hence why the Debian OpenSSL debacle happened. -- Shawn Walker _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
