2008/6/24 Nicolas Williams <[EMAIL PROTECTED]>:
> On Tue, Jun 24, 2008 at 11:25:25PM -0500, Nicolas Williams wrote:
>> On Tue, Jun 24, 2008 at 11:08:57PM -0500, Shawn Walker wrote:
>> > > The alternative, IMO, is the slightly more heavyweight trusted
>> > > maintainer model.
>> >
>> > I believe a mixed model is more appropriate.
>> >
>> > In short, I'm just going to have to disagree with you on requiring
>> > things to be buildable to be contributable.
>>
>> Let users decide whether they want to install stuff from /contrib that
>> has no source to go with it (and/or which has not been rebuilt by
>> others).
>
> Or which has even been rebuilt and signed by others.  Without a
> careful source code audit you may have no clue as to whether you can
> trust the binaries.  Again, if no one will trust /contrib, so no one
> will use it, then there will be no point to hosting it.

Right, which comes back to the package maintainer. There will be times
when no source code for certain materials is available (firmware,
notably) for drivers, etc.

It's all about who you trust.

Even though many community repositories do not provide public build
recipes and exact source to reproduce their packages, they have a
trustworthy reputation and thus individuals have no problems using
packages from them.

Trying to enforce a universal build system on all packages (requiring
it as part of policy) is doomed to failure.

There are a number of different build systems individuals use to
produce packages, and one solution does not work for all.

Sun's own consolidations for OpenSolaris are a great example of this.

-- 
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
