-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Kilian,
On 26.07.2011 22:25, Kilian Krause wrote: > I'm not entirely sure if we want to run get-orig-source targets to rebuild > ~dfsg tarballs and compare them. I don't think, you really want to consider to run /anything/ which has been supplied by a completely untrusted sponsoree. Being it a full or partial or just a get-orig-source target run. This is an immediate risk for the infrastructure, being it well protected or not for little benefit. (just my 2c) - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOLyTpAAoJEMcrUe6dgPNtB40P/jKI4+ml59JN8jZ6Ps+3pDic pgU8lVMjb1QMeRsCc4RjM14+khYmjgja31HpNP/s3GeDnHdjDZha29oPAmTuGLkt 9CC05g9dELKS/eRiY7JHOeEG6o/Y9csnQR96bhaAzcHiSmYqF1NMj4Gl4pPN5RT6 WTOTLog1E6S5kcdfAvtCo7RWU1OWdOV6u8yI+fEFpsEFnc4bx3lIkbJXXI3vJVjH uhWDIP1zDBUmw6Wn8LAWpa9wQPbonx2lX/ByzaccnraCk/fF36hDotoDnhqDM6iG k7d5jo06xU/1HidtZ1BJIFMYCKP8DJT/sdExXjA+AqzC+g04fArQXMftRVRofRkb ffAlTy+kP/PMv4SnWwRtnqdUpoBoU5VGKSWJsiz8MjUdU8OQ4x0prK+pF0BCvShe ZtklUo4JAs3WYOwuTtb/VCDtcHPzZr9RzgV9FHin0Pz7zW4bD51ewgRWLN/rWYip Pbt3BQKp1ZxtrvfA+FabocKyvvC55vjhuG/XY07hCSUg0KEIppg9lMq3PXBkDPy9 y4laBriwO/SyfBl/nLRhSVs8May3bNfu1nQa7XlFFar326O95Gdh6S7jWfBSnDqD RqfhnhEPSHJsrI1dasS4Ay1BvrmNklGCG98K9Vy1vfyBzOejG/8BeE+TPrqv1xWB 1aRy1WEJhg/jhmjlOaI+ =Ou/Z -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e2f24ea.20...@toell.net
