| Roland Stigge 2004-08-11, 7:51 am |
| Hi,
Shaun Jackman wrote:
> This allows both redistribution of a pristine upstream binary as well
> as potential modification by the security team.
What worries me here is the wording: "pristine". The other extreme would
be "proprietary" which is also valid. Maybe we are talking about the
difference between "Open Source/Free Software" and "Shared Source".
Your reasoning was about checksumming binaries for comparison with
upstream. Why would someone do this with Debian provided software? If a
user doesn't trust Debian, she simply can't use it. The rest of a Debian
install could do all kinds of evil things, even if the user checked one
upstream binary.
In addition to what has been said, it is common for many people to use
non-free build environments. Not only upstream, but also Debian
maintainers who are surprised when I file FTBFS reports after rebuilding
in a clean (Debian main) environment. By skipping the building from
source code we would hide such problems (which can surface very
annoyingly later for the security team, as Joey mentioned). Providing an
additional debian/rules target that nobody uses (until we have a binding
policy for that) would be hypocrisy.
bye,
Roland
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|