On 04/04/2018 18:19, Programmingkid wrote: >>> I guess there is just too much distrust to provide a QEMU binary for >>> download. >> It's not distrust, it's responsibility. >> >> Paolo > So from what I learned, in order to provide a binary of QEMU, these things > must be done: > - Some kind of checksum be provided for the binary (md5, SHA512, ...) > - A zip file that has the exact code used to build the binary be provided > - The complete environment use to build the binary be documented > -- Operating system name and version > -- name and version of various tools used to build the binary (GCC, make, ...) > -- name and version of libraries that are linked to QEMU (libc, pixman, ...) > - The exact command-line options used to build the binary be provided > - The email address and identity of the person who made the binary be provided > > If anything is missing please feel free to share.
In practice a GPG signature, with a signature well-connected to other people in the QEMU community, would already be a very good start. If the exact code is not a release tarball, that would also be required. The command line options used for the build can be documented in the wiki. Paolo
