I'm not a security expert so please call me out if I'm talking nonsense.
Another aspect of this is security. Right now, any dev / TU could
theoretically check in a correct PKGBUILD but upload a binary package
with *insert malicious content* in it to the repos with a very low
probability of anyone ever noticing. A (mandatory) central build server
could guarantee that the package is actually built with the specified
publically available PKGBUILD.
- [arch-general] Question about automated builder Thomas S Hatch
- Re: [arch-general] Question about automated builde... Magnus Therning
- Re: [arch-general] Question about automated bu... Thomas S Hatch
- Re: [arch-general] Question about automated builde... Ray Rashif
- Re: [arch-general] Question about automated bu... Thomas S Hatch
- Re: [arch-general] Question about automate... C Anthony Risinger
- Re: [arch-general] Question about auto... Thomas S Hatch
- Re: [arch-general] Question about... Thomas Dziedzic
- Re: [arch-general] Question a... Thomas S Hatch
- Re: [arch-general] Questi... Jelle van der Waa
- Re: [arch-general] Questi... Jakob Gruber
- Re: [arch-general] Questi... Thomas S Hatch
- Re: [arch-general] Questi... C Anthony Risinger
- Re: [arch-general] Questi... Thomas S Hatch
- Re: [arch-general] Questi... C Anthony Risinger
- Re: [arch-general] Questi... Thomas S Hatch
- Re: [arch-general] Questi... Isaac Dupree
- Re: [arch-general] Questi... Thomas S Hatch
- Re: [arch-general] Questi... Thomas S Hatch
- Re: [arch-general] Question about... Kaiting Chen
- Re: [arch-general] Question a... Thomas S Hatch