1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
On 12/28/2015 07:33 PM, Michał Górny wrote: |
5 |
> On Mon, 28 Dec 2015 21:24:14 +0300 trupanka@×××××.com wrote: |
6 |
> |
7 |
>> I’m suffering from the fact that users can distinguish packages |
8 |
>> containing binaries just by eye. There is no mechanism to |
9 |
>> allow/ignore such packages. For license restrictions we have |
10 |
>> ‘package.license/’ whitelist. |
11 |
>> |
12 |
|
13 |
.. |
14 |
|
15 |
> |
16 |
> And you already covered here how different the notion of 'binary' |
17 |
> (or rather, 'pre-built') can be. There could be pre-built stuff |
18 |
> that is arch-specific or otherwise of limited portability. There |
19 |
> could be pre-built stuff that is portable. There could be pre-built |
20 |
> stuff whose rebuilding isn't really meaningful at all. |
21 |
|
22 |
Sure it is, at least a reproducable build in order to compare and |
23 |
ensure no malware being installed. I'm reading this more from a |
24 |
security point of view than performance, and the question makes |
25 |
perfect sense. |
26 |
|
27 |
- -- |
28 |
Kristian Fiskerstrand |
29 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
30 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
31 |
-----BEGIN PGP SIGNATURE----- |
32 |
|
33 |
iQEcBAEBCgAGBQJWg8pgAAoJECULev7WN52FTnYIAJoUrTdQCH4FkfvGR1HLIS0B |
34 |
SBg/GymkzWsWh0v2iTpW1RSG8R1fFbZn1sZwyKve5GOW+WaxQz5a5P731UiB5h5I |
35 |
cHiy9FfoCSpDadNqIVhyx+NMB10W1yiPoe7sea98ZtYsAWlrpAEbfHtvHVcfveNg |
36 |
HuxjAKu1cLil9XdZ9GHSMpEPcgq0LoKY2q3Mrq/J+XwUs1akSOa2NrX9QFSdpmJA |
37 |
hbustOWRqqLWkCXrDwau19J1LuM8HPFoiviA00qGmvOtp+RcZT+1NuHRYFCR4wI9 |
38 |
W9eYj8zWs/HzcubmheuY0Mk6D3Jkp1nxrsgvq9uceXTZ0TUqqD3JZzWUX/vIV2k= |
39 |
=vjF1 |
40 |
-----END PGP SIGNATURE----- |