Thue Janus Kristensen <thu...@gmail.com> writes: > From a security and correctness perspective, it seems vital to me to > compile from source instead of importing binary code. It is the only > practical way to know that the source code matches the compiled code.
And many people in Debian agree with you. I'm one of them. However, you were specifically asking if there is a policy in Debian that *requires* this. The answer is that there currently is not in cases of generated source code such as your example, but there are many people in Debian who agree that we should be moving in that direction, and who are pushing for changes in our normal packaging processes in that direction. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-policy-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a94uqwj9....@hope.eyrie.org
