On Fri, 2006-04-14 at 13:18, Keith M Wesolowski wrote:
> While it's
> still difficult to trust that person/machine, at least you reduce the
> problem from trusting N entities to trusting 1 (or some small number
> of cooperating but mutually suspicious individuals).
It's a bit better than that -- with a public source repository and
public tools, anything produced by the authoritative builder is subject
to reproduction and verification by any interested party.
Outsiders are in a position to inspect the inputs, do their own builds,
and compare the resulting packages.
There are other benefits; careful developers seeking to make limited
changes can validate their build environment by doing their own build
and comparing the results before they start making changes to existing
packages.
- Bill
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
