Why not simply create source package too? It would be simple and speedy!
Il giorno 16/mag/2013, alle ore 19:08, Jos van den Oever <[email protected]> ha scritto: > Hi all, > > An aspect of the package format which has not been brought up yet is the > reproducibility of the builds. > > The availability of the source of a package implies that a user can create > the binaries from the source. However in practice, it is rarely that case > that running the build command that makes a binary package from a source > package results in a package with the same binary. > > This deficiency means that reciever of the software does not have the freedom > to study how the program works, because it is very hard or nearly impossible > to verify that provided binary was obtained by compiling the provided source > code. > > There are two solutions to this problem: > 1) only ship source code and let the user compile > 2) make sure that the process to turn the source code into a binary is as > predictable as 1 + 1 = 2. > > Is it a goal of the app installer and package format to let the recievers of > the software enjoy the freedom to study the how the program works? > > Best regards, > Jos > > -- > ubuntu-devel mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
