[Dev] Using pacman2pacman by default

fauno fauno at endefensadelsl.org
Sun Mar 13 05:44:37 GMT 2016

Denis 'GNUtoo' Carikli <GNUtoo at no-log.org> writes:
> [1] We don't have reproducible builds, and, as I understand it,

there're some advances on this on arch's side, iirc i've forwarded some
emails from arch-dev-public

maybe you could contact arch's referents on reproducible builds to see
how we can helps this process?

>     individual developers upload their binary packages.
>     Since Arch ships non-free software, this isn't good at all for
>     security, since their developers probably uses that too.
>     It also result in a multiple point of failure, any of the developers
>     might (knowing it or not) upload compromised packages.
>     Is I understand it, we use many of their packages as-is.

packages are supposed to be built on clean chroots :P

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160313/604e6021/attachment.sig>

More information about the Dev mailing list