| 1 |
Thanks for these precisions. |
| 2 |
|
| 3 |
Binary repository seems to be a radical but good solution to get rid of |
| 4 |
attack attempts (in both ways). However (though I'm sure you're aware of |
| 5 |
that), compilation possibilities are much too numerous to consider |
| 6 |
applying it. And that's Gentoo's reason of beeing. Well, I think. |
| 7 |
|
| 8 |
After some more searching, it comes obvious that, while it would be a |
| 9 |
very interesting project, I clearly don't have the skills to carry it |
| 10 |
out. That's why I will let researchers do their job and find another |
| 11 |
interesting project. |
| 12 |
|
| 13 |
Nonetheless, I think I found a solution that would theoretically work: |
| 14 |
using kind of a "Web of Trust" (as do OpenPGP). |
| 15 |
|
| 16 |
On Mon, 2013-02-18 at 14:13 -0500, Rich Freeman wrote: |
| 17 |
> I think the big question is - what does distributed compilation get us |
| 18 |
> that a binary repository doesn't get us, or in what way is it easier? |
| 19 |
> I can't really think of any advantages of the former over the latter. |
| 20 |
|
| 21 |
I don't agree with you on that point. Though distributed compilation |
| 22 |
doesn't seem to be applicable yet, I don't think a binary repository |
| 23 |
will ever be applicable (for the reason I stated formerly). |
| 24 |
|
| 25 |
Regards, |
| 26 |
|
| 27 |
Antoine Pinsard |
Archives