also sprach Thibaut Paumard <thib...@debian.org> [2012.11.20.1403 +0100]: > That's why we currently require a binary together with the source. It > tautologically proves that you successfully built it.
Nope, it does not. It could also prove that you know how to use changestool to engineer a .changes file combining a source package with an older DEB file, or even an empty DEB file. Point being, there is no way to prove that a package builds. And even if you built it and included it in the upload, you might have done so on a non-clean chroot or in another whack environment with e.g. build-dependencies installed without having them listed in debian/control. -- .''`. martin f. krafft <madduck@d.o> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems "stab it and steer" -- sailor
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
