On Mon, Aug 22, 2005 at 12:52:06PM +0200, Sven Luther wrote:
> On Mon, Aug 22, 2005 at 11:51:55AM +0200, Aurelien Jarno wrote:
> > Sven Luther wrote:
> > >All packages should be built by official debian buildds anyway, not on
> > >developer machines with random cruft and unsecure packages installed, or
> > >even possibly experimental or home-modified stuff.
> >
> > What about packages built on developer machines, but using the same
> > software as on the official debian buildds? I mean using sbuild in a
> > dedicated chroot. I sometimes do that for my packages when buildd are
> > lagging or when a package fails to build because of missing dependencies.
>
> Should be ok, but the security level would still be higher using only official
> buildds and centrally controlled.

Really? The maintainer can still embed "rm -rf /" in the postinst either way.
We need to be able to trust developers. Similarly, sponsored packages should be
rebuilt because the project hasn't decided to officially trust those
contributors.

Hamish
--
Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>