Web lists-archives.com

Re: Tainted builds (was Re: usrmerge -- plan B?)




On Fri, 2018-11-30 at 05:51:35 +0900, Mike Hommey wrote:
> "Only Essential: yes and direct build dependencies installed"? Why not
> extend .buildinfo with the list of all packages installed that aren't
> Essential:yes or build dependencies?

Because that'd have the potential to leak privacy and security sensitive
information.

The same reason why neither the kernel version nor the build path are
leaked by default, and require explicit command-line options.

Thanks,
Guillem