| 1 |
Hi list, |
| 2 |
|
| 3 |
I was wondering how it works for binary packages when they are compiled: |
| 4 |
|
| 5 |
Are all binary packages compiled on Gentoo infrastructure after a source |
| 6 |
upload from the maintainer, or are there any binary packages compiled on |
| 7 |
maintainers computers and then uploaded on Gentoo infra? |
| 8 |
|
| 9 |
In fact, we had lots of trolls^W discussions about this point with |
| 10 |
friends and colleagues who use other distros. And there is a security |
| 11 |
question: do we allow uploads from developers without being sure the |
| 12 |
binary comes from the corresponding sources? (the maintainer may be |
| 13 |
malicious, or his computer may be compromised) The « binary upload » |
| 14 |
practice is very common in other distro communities such as Debian. |
| 15 |
Therefore I would like to know if we also have this flaw in Gentoo. |
| 16 |
(and what do you think about it) |
| 17 |
|
| 18 |
Thank you, |
| 19 |
|
| 20 |
JC |
Archives