Some misc. comments:
In reply to Peter Kovacs;
Would it be more wise to go for BSD as OS instead of one distribution
FreeBSD? Or are BSD variants incompatible to each other?
BSD variants are certainly incompatible with each other as the result
of about 25 years of divergence.
AFAICT, the only two BSD variants that currently can build AOO are
FreeBSD and Darwin (AKA MacOSX), which happens to be a FreeBSD
derivative. We have some build support for NetBSD but it hasn't been
tested in ages.
I wonder, do we really support all linux variants? I think the buildbots
cover very old versions of CentOS, do we have confidence with such level
of testing?
In reply to Marcus (and orcmid);
And it is crucial that the hashes and signature files *not* be mirrored.
Having them
only available at dist.apache.org is the secure way to detect that the
mirror-downloaded binary
is authentic and unaltered.
right, we as OpenOffice project we should make sure that we refer only
to our own files and servers. So, I hope that there is no faulty link. ;-)
I find the notion of depending on your own servers and hashes to certify
binaries rather outdated. The correct approach is having
reproducible builds so that *anyone* building a given source revision
can verify that neither the server nor the code suppliers have been
compromised. See:
https://reproducible-builds.org/ (and look for the wonderful talks
in youtube, involving demos with compromised compilers or 1 bit
changes that involve backdoors).
This does depend up to a certain level on the OS build environment
supporting it.
BTW, I updated the log in r1780202, to note there is an ongoing discussion.
Pedro.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
