"Francesco P. Lovergine" <[EMAIL PROTECTED]> wrote:

> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
>> On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
>> > The security implications of those practices should be evident to anyone.
>>
>> This is (sorry) bullshit. Binary only uploads are _not_ less secure
>> than binary+source ones. Having a source side by side with the binary
>> module does not give more security than binary-only uploads.
>>
>
> Nice considerations, but I was talking about
> alternative/unofficial/untrustable/whatever-you-prefer
> buildd networks (which was at the origin of current vetos for some archs).
> So your considerations about binary vs source uploads can be interesting but
> not appropriate for the matter.

I don't get the point. Where's the additional security problem with
alternative/unofficial/untrustable/whatever-you-prefer buildd networks?
I see a technical problem (reproducibility, in particular for
stable-security builds) with binary uploads, but even there I don't see
the difference between binary-only and bin+source uploads.

I guess in the long run, we should establish i386 autobuilders and either
only allow source-only uploads, or require bin+src, but discard the binary
packages. On the social side, the availability of buildd admins for work
and communication needs to be improved, by whatever measures are
appropriate.

Regards, Frank
--
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)