Hi,

I've just been watching this demo [1] on how to publish click packages. Looks 
very promising! However, one question that comes up here is at the uploading 
step (3:13 in the video):

The website allows uploading a binary package and a source package. However, I 
can't see any connection between those two. How can I be sure that the binary 
click package indeed contains an unmodified version of the uploaded source 
package? From what I can see here I could easily publish some source code and 
then build a malicious package containing some additional bad code.

Or will the uploaded binary click package be discarded and a new one built 
from the source in case the source is uploaded?

Thanks,
Michael

[1] http://www.youtube.com/watch?v=BjGAnV33GHU

-- 
Mailing list: https://launchpad.net/~ubuntu-phone
Post to     : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp
