[Dev] Using pacman2pacman by default
fauno at endefensadelsl.org
Sun Mar 13 05:44:37 GMT 2016
Denis 'GNUtoo' Carikli <GNUtoo at no-log.org> writes:
>  We don't have reproducible builds, and, as I understand it,
there're some advances on this on arch's side, iirc i've forwarded some
emails from arch-dev-public
maybe you could contact arch's referents on reproducible builds to see
how we can helps this process?
> individual developers upload their binary packages.
> Since Arch ships non-free software, this isn't good at all for
> security, since their developers probably uses that too.
> It also result in a multiple point of failure, any of the developers
> might (knowing it or not) upload compromised packages.
> Is I understand it, we use many of their packages as-is.
packages are supposed to be built on clean chroots :P
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 584 bytes
Desc: not available
More information about the Dev