[Pkg-geany-team] Processed: retitle 654462 to Doesn't contain source for waf binary code ...

Jonas Smedegaard dr at jones.dk
Wed Jan 4 11:34:25 UTC 2012


On 12-01-04 at 12:22pm, Daniel Svensson wrote:
> On Wed, Jan 4, 2012 at 12:18 PM, Jonas Smedegaard <dr at jones.dk> wrote:
> >> As I mentioned, this is a question of a compressed file, so sure 
> >> it's binary encoded, but when you execute ./waf, it will decompress 
> >> into the ".waf-1.6.7-b271784c448ab906d5606267fb7f92c0" directory in 
> >> the top level directory.
> >
> > How can the Debian project rest assured that that the binary indeed 
> > is (only!) unpacking itself when executed?
> >
> > Also, that it is the case for _every_ new upstream release, not only 
> > once when you cared to investigate closely.
> 
> Which is why I referred to the script that produces the compressed 
> version so you can compress your own from waf upstream sources.

I believe you did not answer my question: I did not ask how the Debian 
project can verify later on, but how it can rest assured that this 
verification have already been done for packages using waf.


 - Jonas

P.S.

Where is the thread on debian-devel at l.d.o about this mass-bugfiling?  
Seems crazy to cross-post to a gazilion package maintainers.

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-geany-team/attachments/20120104/f91e7ada/attachment-0001.pgp>


More information about the Pkg-geany-team mailing list