On Wed, Oct 04, 2017 at 05:05:03PM +0530, Pirate Praveen wrote: > Because the shown folly is only in theory and it is never in practice. > As these packages are always uploaded as binary included and never built > on the buildd (as buildds already prohibit network access during build). > If I include pre-built files, nothing changes in practice and only in > perception, hence I'm not convinced.
We have the requirement that every package can be built from source. Even if you upload your locally-built binaries, any user trying to build the package locally will be subjected to the issues that pulling random stuff from internet (and running code from it) entails.
signature.asc
Description: PGP signature
