Hi Luca, On Mon, Apr 26, 2010 at 05:52:34PM +0200, Luca Falavigna wrote:
Il 25/04/2010 17.33, Jonas Smedegaard ha scritto:jack-audio-connection-kit (1.9.5~dfsg-1) unstable; urgency=low . [ Jonas Smedegaard ] * Use system waf. Build-depend on waf. - Strip binary waf file (too risky to blindly invoke, and too much hassle unpacking and inspecting properly).I'm trying to remove waf from Debian (see ), and this package is the last one still build-depending on it. Could you please undo this change?
I want to, just haven't figured out yet a way to use the shipped waf in a way that I can trust: I really do not want to blindly execute an upstream-shipped binary chunk. yes, I am aware that it is not really a binary blob but a self-extracting tarball of some kind, just haven't figured out a way to script unpacking it and verifying if its content is sane.
Would you perhaps happen to know of an elegant approach? Or maybe you have a list of prior users of your waf package so that I can go examine those myself (and hope that what I find is not horrible relaxed execution everywhere)?
Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Description: Digital signature
_______________________________________________ pkg-multimedia-maintainers mailing list email@example.com http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers