Hi Luca,

On Mon, Apr 26, 2010 at 05:52:34PM +0200, Luca Falavigna wrote:
Il 25/04/2010 17.33, Jonas Smedegaard ha scritto:
 jack-audio-connection-kit (1.9.5~dfsg-1) unstable; urgency=low
   [ Jonas Smedegaard ]
   * Use system waf. Build-depend on waf.
       - Strip binary waf file (too risky to blindly invoke, and too much
         hassle unpacking and inspecting properly).

I'm trying to remove waf from Debian (see [1]), and this package is the last one still build-depending on it. Could you please undo this change?

I want to, just haven't figured out yet a way to use the shipped waf in a way that I can trust: I really do not want to blindly execute an upstream-shipped binary chunk. yes, I am aware that it is not really a binary blob but a self-extracting tarball of some kind, just haven't figured out a way to script unpacking it and verifying if its content is sane.

Would you perhaps happen to know of an elegant approach? Or maybe you have a list of prior users of your waf package so that I can go examine those myself (and hope that what I find is not horrible relaxed execution everywhere)?

Kind regards,

 - Jonas

* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature

pkg-multimedia-maintainers mailing list

Reply via email to