On Wed, 27 Dec 2017, Paul Sherwood wrote:
>
> - Github is proprietary, so we can not properly assess what is being done
> to/with the repos, or who is doing it.

While there might be other reasons to prefer using services from people who also publish free software, I don't think "properly assessing what is being done to/with the repos" is one of them. In both cases we don't have access to their servers, so we cannot check that they are running exactly the same software they are publishing. So in both cases we have to trust them.

_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds