[Dev] Using pacman2pacman by default
fauno
fauno at endefensadelsl.org
Sun Mar 13 05:44:37 GMT 2016
Denis 'GNUtoo' Carikli <GNUtoo at no-log.org> writes:
> [1] We don't have reproducible builds, and, as I understand it,
there're some advances on this on arch's side, iirc i've forwarded some
emails from arch-dev-public
maybe you could contact arch's referents on reproducible builds to see
how we can helps this process?
> individual developers upload their binary packages.
> Since Arch ships non-free software, this isn't good at all for
> security, since their developers probably uses that too.
> It also result in a multiple point of failure, any of the developers
> might (knowing it or not) upload compromised packages.
> Is I understand it, we use many of their packages as-is.
packages are supposed to be built on clean chroots :P
--
http://utopia.partidopirata.com.ar/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160313/604e6021/attachment.sig>
More information about the Dev
mailing list