On Tue, Nov 18, 2008 at 10:58 PM, John Sonnenschein <[EMAIL PROTECTED]> wrote: > > On 18-Nov-08, at 2:49 PM, Alan Coopersmith wrote: > >> Nicolas Williams wrote: >>> On Tue, Nov 18, 2008 at 02:09:30PM -0800, John Sonnenschein wrote: >>>> That would be acceptable. I'd still prefer the code to be built on >>>> an >>>> internal machine such that we have an exact record, but I'm >>>> willing to >>>> bend this far. >>> >>> I think you'd have to insist that it be [re-]built by "Sun >>> employees on >>> isolated machines" (certainly not just on SWAN!). >> >> And using only compilers and CPU's that have somehow been certified? >> >> http://cm.bell-labs.com/who/ken/trust.html (summarized briefly at >> http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Trust >> ) > > Are you arguing that because we can't have 100% trust we should just > trust everything always no matter what? > > My argument is that accepting binary somehow built by someone we may > or may not know on some unknown environment and putting them in a > repository blessed by virtue that it's on a repo that carries the > namesake is just totally foolish. > _______________________________________________ > desktop-discuss mailing list > [EMAIL PROTECTED] >
I think one of the goals to build a big community is to blur the lines between Sun employees and community members in the contributions to places like the contrib repo (sorry for the pun). We need to embrace the community and not make them feel respected by not undervalueing their work. In Ubuntu you don't know the difference if something came from Canonical or community and they have built a fantastic community. Red Hat is a good example of the other way around. That said, we shouldn't accept binary built in an untrust worthy machine. The process we define has to make submissions be built in our controled systems. How Launchpad works. Luis de Bethencourt -- Luis de Bethencourt GuimerĂ¡ luisbg <[EMAIL PROTECTED]> GPG: B0ED1326 _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
