Subject: Re: [gentoo-dev] Need clear semantics for packages with binary entities
References: <20151228182414.GB4303@web> <20151228193359.51a2cef0.mgorny@gentoo.org>
In-Reply-To: <20151228193359.51a2cef0.mgorny@gentoo.org>
To: gentoo-dev@lists.gentoo.org, trupanka@gmail.com
From: Kristian Fiskerstrand
Message-ID: <5683CA65.5070705@gentoo.org>
Date: Wed, 30 Dec 2015 13:13:25 +0100

On 12/28/2015 07:33 PM, Michał Górny wrote:
> On Mon, 28 Dec 2015 21:24:14 +0300 trupanka@gmail.com wrote:
>
>> I’m suffering from the fact that users can distinguish packages
>> containing binaries just by eye. There is no mechanism to
>> allow/ignore such packages. For license restrictions we have
>> ‘package.license/’ whitelist.
>> ..
>
> And you already covered here how different the notion of 'binary'
> (or rather, 'pre-built') can be. There could be pre-built stuff
> that is arch-specific or otherwise of limited portability. There
> could be pre-built stuff that is portable. There could be pre-built
> stuff whose rebuilding isn't really meaningful at all.

Sure it is, at least a reproducible build in order to compare and
ensure no malware is being installed. I'm reading this more from a
security point of view than performance, and the question makes
perfect sense.

-- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3