On Mar 23, 2009, at 0:38 , Ryan Schmidt wrote:
Before we can allow arbitrary users to submit their builds to a central server, we would need to ensure that a build that occurs on one user's system is *identical* to the build on any other user's computer. This cannot currently be assured because MacPorts does not build in a chroot, and without this, it is possible for a port to link with libraries that happen to be on the user's system that it ought not link with -- be they libraries from other ports on which the port in question does not declare a dependency, or libraries in / usr/local, to which the compiler always looks.
Would two "identical builds" be byte-identical? If so, then a binary doesn't become available until *two* (or three or whatever) identical binaries are uploaded.
And/or, there's some command line library tool (I'm on vacation and my reference books are home) that I can run to get a listing of what libraries are called by a particular binary, isn't there? Wouldn't that help screen wacky-linked binaries?
The deliberate uploading of contaminated binaries, however, is a whole different kettle of worms. :/
_______________________________________________ macports-users mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
