2010/9/26 Giuseppe Ghibò <[email protected]> > > > 2010/9/26 nicolas vigier <[email protected]> > > On Sun, 26 Sep 2010, joris dedieu wrote: >> >> > 2010/9/26 Olivier Blin <[email protected]>: >> > > >> > > Because there are some authentication and integrity issues which are >> not >> > > simple to solve: we have to be sure that the binary packages really >> come >> > > from the unmodified SRPM (so that it does not contains malware). >> > >> > This can be avoid by >> > - building every package twice (also useful for integrity check) >> >> Then you can still do it with two hosts adding malware instead of one. >> > > What this means? Two RPMs built at different time will result different, > even the executable binaries when built on the same hardware at different > time might be different (because of timestamps, etc.). > > IMHO the idea of the cloud is not that bad but need to be rethinked. >
What about virtualization? Maybe we could set-up some kind of cluster of remote and dedicated vm's as a unique build system. Could be a good workaround over security and integrity issues, 'cause we are using a "single" build system.
_______________________________________________ Mageia-dev mailing list [email protected] https://www.mageia.org/mailman/listinfo/mageia-dev
