1 |
Marko Mikulicic <marko@××××.org> wrote: |
2 |
> Yannick Koehler wrote: |
3 |
> and then |
4 |
> > propose or take it from the distribution system. Basically the |
5 |
> > same as ccache ;-) |
6 |
> > |
7 |
> |
8 |
> I like the idea. I was thinking of something similar. |
9 |
> I think it's possible to hash the use flags used to build |
10 |
> the package and compare it to the package to be downloaded. |
11 |
|
12 |
I see another problem with this. There is no way to make the packages trusted. |
13 |
In the portage tree, every downloaded file is checked against a MD5 hash. |
14 |
This means, I have to trust the person who build the port. This is not |
15 |
a big problem to me, because those people are "near" to the gentoo core, |
16 |
and everybody can check the MD5s against the official downloads of the packet. |
17 |
|
18 |
I can't do this sort of check agains precompiled binaries, because every binary |
19 |
would have a different MD5. The only way to check would to compile the package |
20 |
myself with the same flags, thus defeating the purpose. |
21 |
Using those binary packages means to trust every user of gentoo, that he |
22 |
doesn't put trojans or whatever on my system. |
23 |
|
24 |
My 0,02 EUR |
25 |
Nils |
26 |
|
27 |
-- |
28 |
The primary purpose of the DATA statement is to give names to |
29 |
constants; instead of referring to pi as 3.141592653589793 at every |
30 |
appearance, the variable PI can be given that value with a DATA |
31 |
statement and used instead of the longer form of the constant. This |
32 |
also simplifies modifying the program, should the value of pi change. |
33 |
|
34 |
-- FORTRAN manual for Xerox Computers |
35 |
Nils Decker <ndecker@×××.de> |