* Peter Samuelson pet...@p12n.org, 2014-02-26, 09:15:
And if there are any cases even more exotic (you need to restrict the
arch but _not_ because of build-dep availability):
Build-Conflicts-Indep: build-essential [!i386]
To be pedantically correct, one should conflict with a
Sam Hartman hartmans at debian.org writes:
[ autotools ]
I assure you, that even if you get past the being blind bit, it's still
impossible to figure out what's going on.
And even then, even when you did the unbelievable and, say, ported libtool
to MirBSD and Interix (consuming a whole bottle
Paul Tagliamonte paultag at debian.org writes:
On Fri, Feb 14, 2014 at 04:39:25PM +0100, Wouter Verhelst wrote:
Are buildd people happy with humans sending their logs this way?
Well, I am, but it's probably not my call.
Which keyring does it use to validate? Can DMs send logs? Does
Carlos Alberto Lopez Perez clopez at igalia.com writes:
On 13/02/14 22:10, Dimitri John Ledkov wrote:
All that's needed, I guess, is for someone to write a patch to dak /
wanna-build ... and schedule _all.deb builds on amd64 ?
Or if arch-restricted package, on one of the arches it will
On Wed, Feb 26, 2014 at 01:11:55PM +, Thorsten Glaser wrote:
First, we need new syntax to specify the architectures an arch:all
package may be built on. (There may be cases where this cannot be
deducted from the other binary packages it builds – if any. Heck,
there may even be cases where
* Paul Tagliamonte paul...@debian.org, 2014-02-26, 08:39:
First, we need new syntax to specify the architectures an arch:all
package may be built on. (There may be cases where this cannot be
deducted from the other binary packages it builds – if any. Heck,
there may even be cases where a
On Wed, Feb 26, 2014 at 03:55:37PM +0100, Jakub Wilk wrote:
BTW; the syntax would define a single arch; you know, in the
spirit of reproducability.
I have mixed feeling about this. On one hand, most[0] of arch:all
packages can be built on more than one architecture, so “single
arch” sounds
Hi,
Le 26/02/2014 15:55, Jakub Wilk a écrit :
* Paul Tagliamonte paul...@debian.org, 2014-02-26, 08:39:
First, we need new syntax to specify the architectures an arch:all
package may be built on. (There may be cases where this cannot be
deducted from the other binary packages it builds – if
[Paul Tagliamonte]
I was going to send a mail about this yesterday. I've decided
I'm going to start a quest to support this. I settled on
Build-Indep-Architecture myself.
Sorry for the bikeshedding, but don't we already have ways to express
exactly what we mean?
Build-Depends-Indep:
On 27/02/14 00:39, Paul Tagliamonte wrote:
On Wed, Feb 26, 2014 at 01:11:55PM +, Thorsten Glaser wrote:
First, we need new syntax to specify the architectures an arch:all
package may be built on. (There may be cases where this cannot be
deducted from the other binary packages it builds –
On Thu, Feb 27, 2014 at 7:51 AM, William Grant wrote:
I'd probably define Build-Indep-Architecture: armhf armel to mean
build with -A on armhf if you have it, otherwise armel, otherwise
nowhere. But maybe it would be better for otherwise nowhere to be
otherwise anywhere?
You could use this
On Thu, Feb 13, 2014 at 10:17:46PM +0100, Holger Levsen wrote:
nope, it's worse than you think: the arch specific package built on the
developers machine (in a random^wnon predicatable environment) will not be
rebuild, there are also no build logs available.
See
On 2014-02-14 16:42, Paul Tagliamonte wrote:
On Fri, Feb 14, 2014 at 04:39:25PM +0100, Wouter Verhelst wrote:
Are buildd people happy with humans sending their logs this way?
Well, I am, but it's probably not my call.
Which keyring does it use to validate? Can DMs send logs? Does it
validate
On Sat, 15 Feb 2014, Philipp Kern wrote:
That's why I was careful to publish the address nowhere. We do some
Unfortunately, that cat is out of the bag, now. Whether it will get spammed
or attacked, I don't know.
However, it is not like we ever could trust the logs anyway for any security
* Philipp Kern pk...@debian.org, 2014-02-15, 15:19:
Are buildd people happy with humans sending their logs this way?
Well, I am, but it's probably not my call.
Which keyring does it use to validate? Can DMs send logs? Does it
validate at all, or can some script kiddies use it as a pastebin
On 2014-02-15 15:34, Henrique de Moraes Holschuh wrote:
On Sat, 15 Feb 2014, Philipp Kern wrote:
That's why I was careful to publish the address nowhere. We do some
Unfortunately, that cat is out of the bag, now. Whether it will get
spammed
or attacked, I don't know.
However, it is not
I'd like to chime in on this whole build thing.
I've been trying to get pbuilder working for a few days now, on a package
from backports. It should be a simple task, but I need a minor modification
in the form of an extra repository for dependencies.
It's been incredibly difficult to get the
On 13/02/14 22:10, Dimitri John Ledkov wrote:
On 13 February 2014 16:13, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
this is just a pledge to you all fellow debian developers to update your
build environment before you build a
On Thu, Feb 13, 2014 at 11:52:01PM +, Colin Watson wrote:
On Thu, Feb 13, 2014 at 10:17:46PM +0100, Holger Levsen wrote:
See https://buildd.debian.org/status/package.php?p=html2text - you can only
hope that I've build it in a clean environment and there aint a logfile for
the amd64
* Wouter Verhelst wou...@debian.org, 2014-02-14, 14:01:
I'm told there's at least some magic address you can mail the logs to,
but I never remember what it is. (It's all a workaround anyway.)
l...@buildd.debian.org
The mail's subject has to be in the format that buildd uses, though:
On Fri, Feb 14, 2014 at 02:10:38PM +0100, Jakub Wilk wrote:
* Wouter Verhelst wou...@debian.org, 2014-02-14, 14:01:
I'm told there's at least some magic address you can mail the
logs to, but I never remember what it is. (It's all a
workaround anyway.)
l...@buildd.debian.org
The mail's
On Fri, Feb 14, 2014 at 04:39:25PM +0100, Wouter Verhelst wrote:
Are buildd people happy with humans sending their logs this way?
Well, I am, but it's probably not my call.
Which keyring does it use to validate? Can DMs send logs? Does it
validate at all, or can some script kiddies use it as
On Fri, Feb 14, 2014 at 10:42:16AM -0500, Paul Tagliamonte wrote:
Which keyring does it use to validate? Can DMs send logs? Does it
validate at all, or can some script kiddies use it as a pastebin
service? :)
The logs aren't signed, so it only validates the Subject line.
This has been
previously on this list Brian May contributed:
After the damage is done, probably easier to find the malware that did it
Assuming the damage is visible?
All rants aside, I believe there's a fairly wide agreement that we
should throw away binaries from builds.
I'd encourage something
Hi,
On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
this is just a pledge to you all fellow debian developers to update your
build environment before you build a package.
I want all binary packages to be rebuild on *.debian.org hosts. Everything
else is just an ugly workaround.
amen,
No kidding!
How many uploaded binaries might include malware?
A lack of binary determinism in the build process basically ensures
that it isn't feasible to discover an answer to this question. :(
All the best,
Jacob
On 2/13/14, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag,
On Thu, Feb 13, 2014 at 06:36:15PM +, Jacob Appelbaum wrote:
No kidding!
How many uploaded binaries might include malware?
A lack of binary determinism in the build process basically ensures
that it isn't feasible to discover an answer to this question. :(
All the best,
Jacob
I'm
* Jacob Appelbaum ja...@appelbaum.net, 2014-02-13, 18:36:
How many uploaded binaries might include malware?
*shrug* It's not like it's difficult to hide malicious code in source
packages.
How many configure scripts that we never rebuild from source contains
trojans?
--
Jakub Wilk
--
To
On 13 February 2014 16:13, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
this is just a pledge to you all fellow debian developers to update your
build environment before you build a package.
I want all binary packages to be rebuild on
On Thu, Feb 13, 2014 at 07:46:53PM +0100, Jakub Wilk wrote:
*shrug* It's not like it's difficult to hide malicious code in
source packages.
How many configure scripts that we never rebuild from source
contains trojans?
Just like my favourite Russ quote:
Basically, people got tired of
On Thu, Feb 13, 2014 at 09:10:15PM +, Dimitri John Ledkov wrote:
On 13 February 2014 16:13, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
this is just a pledge to you all fellow debian developers to update your
build environment
Hi,
On Donnerstag, 13. Februar 2014, Dimitri John Ledkov wrote:
All that's needed, I guess, is for someone to write a patch to dak /
wanna-build ... and schedule _all.deb builds on amd64 ?
Or if arch-restricted package, on one of the arches it will build on?
nope, it's worse than you think:
On Thu, Feb 13, 2014 at 4:13 PM, Paul Tagliamonte paul...@debian.orgwrote:
On Thu, Feb 13, 2014 at 09:10:15PM +, Dimitri John Ledkov wrote:
On 13 February 2014 16:13, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
this is just
On 14/02/14 08:13, Paul Tagliamonte wrote:
On Thu, Feb 13, 2014 at 09:10:15PM +, Dimitri John Ledkov wrote:
On 13 February 2014 16:13, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag, 13. Februar 2014, Ondřej Surý wrote:
this is just a pledge to you all fellow debian
On 2/13/14, Jakub Wilk jw...@debian.org wrote:
* Jacob Appelbaum ja...@appelbaum.net, 2014-02-13, 18:36:
How many uploaded binaries might include malware?
*shrug* It's not like it's difficult to hide malicious code in source
packages.
It is much harder for you to hide source code changes as
Colin == Colin Watson cjwat...@debian.org writes:
Colin On Thu, Feb 13, 2014 at 07:46:53PM +0100, Jakub Wilk wrote:
*shrug* It's not like it's difficult to hide malicious code in
source packages.
How many configure scripts that we never rebuild from source
contains
On Thu, Feb 13, 2014 at 10:17:46PM +0100, Holger Levsen wrote:
See https://buildd.debian.org/status/package.php?p=html2text - you can only
hope that I've build it in a clean environment and there aint a logfile for
the amd64 build of that arch:any package.
I'm told there's at least some
On 13 February 2014 21:17, Holger Levsen hol...@layer-acht.org wrote:
Hi,
On Donnerstag, 13. Februar 2014, Dimitri John Ledkov wrote:
All that's needed, I guess, is for someone to write a patch to dak /
wanna-build ... and schedule _all.deb builds on amd64 ?
Or if arch-restricted package, on
On 14 February 2014 05:46, Jakub Wilk jw...@debian.org wrote:
How many uploaded binaries might include malware?
*shrug* It's not like it's difficult to hide malicious code in source
packages.
After the damage is done, probably easier to find the malware that did it
if you can rely on the
All rants aside, I believe there's a fairly wide agreement that we
should throw away binaries from builds.
I seem to recall ftp-master sending out mail to debian-devel-announce
describing the steps along that process a while ago.
I think it's fine to ask where that project is, and to volunteer
Heya Sam,
On 2/14/14, Sam Hartman hartm...@debian.org wrote:
All rants aside, I believe there's a fairly wide agreement that we
should throw away binaries from builds.
I'd encourage something slightly different and then I'd expand on it a bit.
I think it would be useful to have an historical
On Fri, Feb 14, 2014 at 04:44:21AM +, Jacob Appelbaum wrote:
Heya Sam,
On 2/14/14, Sam Hartman hartm...@debian.org wrote:
All rants aside, I believe there's a fairly wide agreement that we
should throw away binaries from builds.
I'd encourage something slightly different and then
On 2/14/14, Paul Tagliamonte paul...@debian.org wrote:
On Fri, Feb 14, 2014 at 04:44:21AM +, Jacob Appelbaum wrote:
Heya Sam,
On 2/14/14, Sam Hartman hartm...@debian.org wrote:
All rants aside, I believe there's a fairly wide agreement that we
should throw away binaries from builds.
43 matches
Mail list logo