1 |
Thanks for these precisions. |
2 |
|
3 |
Binary repository seems to be a radical but good solution to get rid of |
4 |
attack attempts (in both ways). However (though I'm sure you're aware of |
5 |
that), compilation possibilities are much too numerous to consider |
6 |
applying it. And that's Gentoo's reason of beeing. Well, I think. |
7 |
|
8 |
After some more searching, it comes obvious that, while it would be a |
9 |
very interesting project, I clearly don't have the skills to carry it |
10 |
out. That's why I will let researchers do their job and find another |
11 |
interesting project. |
12 |
|
13 |
Nonetheless, I think I found a solution that would theoretically work: |
14 |
using kind of a "Web of Trust" (as do OpenPGP). |
15 |
|
16 |
On Mon, 2013-02-18 at 14:13 -0500, Rich Freeman wrote: |
17 |
> I think the big question is - what does distributed compilation get us |
18 |
> that a binary repository doesn't get us, or in what way is it easier? |
19 |
> I can't really think of any advantages of the former over the latter. |
20 |
|
21 |
I don't agree with you on that point. Though distributed compilation |
22 |
doesn't seem to be applicable yet, I don't think a binary repository |
23 |
will ever be applicable (for the reason I stated formerly). |
24 |
|
25 |
Regards, |
26 |
|
27 |
Antoine Pinsard |