I'd like to chime in on this whole build thing. I've been trying to get pbuilder working for a few days now, on a package from backports. It should be a simple task, but I need a minor modification in the form of an extra repository for dependencies.
It's been incredibly difficult to get the package built. The process needs some refinement and some minor enhancements at least. I'll be documenting my process soon enough for others to be able to have a reasonable account of the process as it stands now. On Feb 15, 2014 8:15 AM, "Philipp Kern" <pk...@debian.org> wrote: > On 2014-02-15 15:34, Henrique de Moraes Holschuh wrote: > >> On Sat, 15 Feb 2014, Philipp Kern wrote: >> >>> That's why I was careful to publish the address nowhere. We do some >>> >> >> Unfortunately, that cat is out of the bag, now. Whether it will get >> spammed >> or attacked, I don't know. >> >> However, it is not like we ever could trust the logs anyway for any >> security >> purposes, as they are not signed by the same key that signed the >> respective >> changes file for the upload. Currently, they're useful for debug >> purposes, >> and that's it (which is fine). >> > > Yeah, they could be, if sbuild is extended to sign the logs. That said, we > do trust our mail-in. We can trust the received headers to some degree (for > timestamps and where the mail came from), but we cannot rule out on-disk > tampering. > > Kind regards > Philipp Kern > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/43b8290b3d8f1f2f37b01636e93370 > a...@hub.kern.lc > >
