On Mon, Aug 22, 2005 at 04:08:47PM +0200, W. Borgert wrote: > Quoting Hamish Moffatt <[EMAIL PROTECTED]>: > > There is the possibility that developer builds get extra features > > enabled due to other installed libraries etc. This could be checked for > > by analysing the packages files for different architectures or similar. > > This is a really nice idea: A DD with a strange sense of humour > could "enable an extra feature" in their binary package, that is > not in the source code - at least not in the uploaded source. > Could be a virus, a Trojan horse, a root kit, a time-bomb. As > >= 95% of our users have i386, it's easy to generate nice damage.
That isn't what I meant. I meant that the developer might have some other installed package found by configure and used, which wouldn't be present in the clean buildd environment. It may be possible to compare the dependencies of each package across architectures to detect this - not at upload time, but asynchronously. (Developers do plenty of other such archive-wide tests now and report back through the BTS, debian-devel etc.) Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
