On 29 June 2025 13:58:24 UTC, Leo Wandersleb <[email protected]> wrote:
>Hi Ismael,
>
>I think we're talking past each other. Even in the OS world, binaries are
>distributed - through apt, snap stores, flatpak, etc. When a maintainer
>uploads a .deb or someone publishes a snap, those binaries need verification.

A wider definition threatens us with a chasing game we don't want to play with upstream authors. We want people to, ideally, fix their build systems, and maintain that support going forward. At some point it can be made a requirement; we don't expect to do any reverse engineering, and we don't want it to be an afterthought in the future. A narrow definition keeps those problems at bay as inherently out of scope. Binary distributions should aim for the same experience source-based distributions have been providing for 25 years; binary packages should act like an optimisation to skip the build, more or less. So it isn't about verifying the work of any single maintainer, but ideally a distributed check on the whole ecosystem. Does that make sense?
