Web lists-archives.com

Re: Tainted builds (was Re: usrmerge -- plan B?)




On Wed, Nov 28, 2018 at 07:02:07PM +0100, Bastian Blank wrote:
> On Wed, Nov 28, 2018 at 02:48:32PM -0200, Antonio Terceiro wrote:
> > Would you be willing to also implement
> > 	Tainted-By: not-built-in-a-chroot
> > ?
> 
> What do you want to do with that?  Even our own stuff not always uses
> chroot, why should it?

The idea here is to record facts about the system where a package was
built. Building in a merged-/usr system does not necessarily produce a
broken package. Not building in a chroot is also not necessarily a
problem, but still, we want to know that.

Now, as Andrey points out, nowdays a chroot is not the only type of
minimal system where one can build packages, so maybe a more
sophisticated check would be required.

Attachment: signature.asc
Description: PGP signature