1 |
Hi list, |
2 |
|
3 |
I was wondering how it works for binary packages when they are compiled: |
4 |
|
5 |
Are all binary packages compiled on Gentoo infrastructure after a source |
6 |
upload from the maintainer, or are there any binary packages compiled on |
7 |
maintainers computers and then uploaded on Gentoo infra? |
8 |
|
9 |
In fact, we had lots of trolls^W discussions about this point with |
10 |
friends and colleagues who use other distros. And there is a security |
11 |
question: do we allow uploads from developers without being sure the |
12 |
binary comes from the corresponding sources? (the maintainer may be |
13 |
malicious, or his computer may be compromised) The « binary upload » |
14 |
practice is very common in other distro communities such as Debian. |
15 |
Therefore I would like to know if we also have this flaw in Gentoo. |
16 |
(and what do you think about it) |
17 |
|
18 |
Thank you, |
19 |
|
20 |
JC |