| 1 |
On Tuesday 23 July 2002 23:14, Charles Lacour wrote: |
| 2 |
> I'm not sure there's any need for USE flags to identify the binary. If two |
| 3 |
> different people compile a package to identical binaries, what USE flags |
| 4 |
> they had are completely irrelevant. (Someone might compile a package under |
| 5 |
> another flavor of Linux, for example, in which case there ARE no USE |
| 6 |
> flags.) |
| 7 |
|
| 8 |
Well it's pretty obvious that different USE flags should result in different |
| 9 |
binaries but you need the USE flags so you know what's in the package. If I |
| 10 |
have a -X in my USE flags I surely wouldn't want to install a vim binary |
| 11 |
package that has X support in it. |
| 12 |
|
| 13 |
Should everyone be able to submit binaries ? I surely wouldn't trust them. |
| 14 |
|
| 15 |
> My thought was to build a string describing the package, then run an md5sum |
| 16 |
> on that. I was thinking of using that as part of the filename, so we might |
| 17 |
> want to create a custom md5sum that would produce a shorter string (6-8 |
| 18 |
> characters, say). |
| 19 |
|
| 20 |
You do know about hash functions and collisions ? |
| 21 |
|
| 22 |
> Some people have objected (none too violently, as yet) to this as being |
| 23 |
> "contrary to the spirit of Gentoo". |
| 24 |
|
| 25 |
Well I'm not against binaries (without --buildpkg gentoo wouldn't be too |
| 26 |
useful for more than a few computers) but I surely wouldn't like to have |
| 27 |
binaries installed from _somebody_. I've chosen gentoo because I can compile |
| 28 |
from source with control over what I build but with good packaging and |
| 29 |
without the need to know how to compile every single package I need. Of |
| 30 |
course that may be different for a lot of people but see first sentence of |
| 31 |
the "About gentoo" page. |
| 32 |
|
| 33 |
"Gentoo Linux is a versatile and fast, completely free Linux distribution for |
| 34 |
x86, PowerPC, Sparc and Sparc64 that's geared towards Linux power users." |
| 35 |
|
| 36 |
That's what they probably mean when they talk about the spirit :) |
| 37 |
|
| 38 |
> I like the idea of using this for source as well as binaries; when I'm |
| 39 |
> downloading files from Gnutella and can get 3 or 4 people to download from |
| 40 |
> at once, I can max out my ADSL line. From a lot of FTP servers, I get a lot |
| 41 |
> less. It would also let me contribute as as server; I have a fixed IP |
| 42 |
> address, but only a 128K uplink. By myself, I'd be a pretty sorry source |
| 43 |
> for much of anything. With 8 or 10 people like me, though, I'd be quite |
| 44 |
> useful. |
| 45 |
|
| 46 |
Well without proper verification of source and binary packages you will only |
| 47 |
get "normal users" to use that. I can (privately) live with "just trusting |
| 48 |
the official mirrors", but p2p without strong cryptographhic verification for |
| 49 |
anything other than films or music (did I say that ? :)) ? |
| 50 |
|
| 51 |
|
| 52 |
Alex |
| 53 |
|
| 54 |
-- |
| 55 |
"They that can give up essential liberty to obtain a little temporary safety |
| 56 |
deserve neither liberty nor safety." |
| 57 |
Benjamin Franklin |
Archives