On Wed, Jun 25, 2008 at 09:50:02AM +0530, Venky wrote:
> On Tue, Jun 24, 2008 at 11:07:35PM -0500, Shawn Walker wrote:
> > Yes, but again, that's where policy comes in. As the recent debian
> > problem with OpenSSL shows, just because you have a fully-repeatable
> > build recipe and source does not guarantee that a security problem
> > won't be introduced.
>
> Perfect example, thank you! Do you think this flaw would have been
> discovered if Debian did not have a policy of requiring source?

Actually, yes. People certainly could (and should) have noticed the problem without having to inspect source.
