1 |
On Tuesday 23 July 2002 23:14, Charles Lacour wrote: |
2 |
> I'm not sure there's any need for USE flags to identify the binary. If two |
3 |
> different people compile a package to identical binaries, what USE flags |
4 |
> they had are completely irrelevant. (Someone might compile a package under |
5 |
> another flavor of Linux, for example, in which case there ARE no USE |
6 |
> flags.) |
7 |
|
8 |
Well it's pretty obvious that different USE flags should result in different |
9 |
binaries but you need the USE flags so you know what's in the package. If I |
10 |
have a -X in my USE flags I surely wouldn't want to install a vim binary |
11 |
package that has X support in it. |
12 |
|
13 |
Should everyone be able to submit binaries ? I surely wouldn't trust them. |
14 |
|
15 |
> My thought was to build a string describing the package, then run an md5sum |
16 |
> on that. I was thinking of using that as part of the filename, so we might |
17 |
> want to create a custom md5sum that would produce a shorter string (6-8 |
18 |
> characters, say). |
19 |
|
20 |
You do know about hash functions and collisions ? |
21 |
|
22 |
> Some people have objected (none too violently, as yet) to this as being |
23 |
> "contrary to the spirit of Gentoo". |
24 |
|
25 |
Well I'm not against binaries (without --buildpkg gentoo wouldn't be too |
26 |
useful for more than a few computers) but I surely wouldn't like to have |
27 |
binaries installed from _somebody_. I've chosen gentoo because I can compile |
28 |
from source with control over what I build but with good packaging and |
29 |
without the need to know how to compile every single package I need. Of |
30 |
course that may be different for a lot of people but see first sentence of |
31 |
the "About gentoo" page. |
32 |
|
33 |
"Gentoo Linux is a versatile and fast, completely free Linux distribution for |
34 |
x86, PowerPC, Sparc and Sparc64 that's geared towards Linux power users." |
35 |
|
36 |
That's what they probably mean when they talk about the spirit :) |
37 |
|
38 |
> I like the idea of using this for source as well as binaries; when I'm |
39 |
> downloading files from Gnutella and can get 3 or 4 people to download from |
40 |
> at once, I can max out my ADSL line. From a lot of FTP servers, I get a lot |
41 |
> less. It would also let me contribute as as server; I have a fixed IP |
42 |
> address, but only a 128K uplink. By myself, I'd be a pretty sorry source |
43 |
> for much of anything. With 8 or 10 people like me, though, I'd be quite |
44 |
> useful. |
45 |
|
46 |
Well without proper verification of source and binary packages you will only |
47 |
get "normal users" to use that. I can (privately) live with "just trusting |
48 |
the official mirrors", but p2p without strong cryptographhic verification for |
49 |
anything other than films or music (did I say that ? :)) ? |
50 |
|
51 |
|
52 |
Alex |
53 |
|
54 |
-- |
55 |
"They that can give up essential liberty to obtain a little temporary safety |
56 |
deserve neither liberty nor safety." |
57 |
Benjamin Franklin |