Bug#969084: buildd.d.o: please don't use a tainted buildenv

Holger Levsen holger at layer-acht.org
Mon Aug 31 15:44:12 BST 2020


On Thu, Aug 27, 2020 at 04:25:56PM +0200, Guillem Jover wrote:
> > thanks for that info! maybe dpkg could treat /usr/local not as tainted if the
> > only file in /usr/local is /usr/local/sbin/policy-rc.d ?
> While we could perhaps add an exception in the Debian vendor profile,
> it does look like this is working as intended? :)

yes, I believe the buildd admins think this works as intended.

> This is a local file
> that might affect the build, which is otherwise not trackable, say
> what "version" (with which changes) was being used, etc. 

this kind of policy-rc.d file only contains one relevant line, "exit 0".

> I think ideally
> this would be using a system pathname and be part of a package that gets
> then listed in the .buildinfo files.

I cannot comment on this except to say that I'd wish for some more pragmatism :(


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

"... the premise [is] that privacy is about hiding a wrong. It's not.
 Privacy is an inherent human right, and a requirement for maintaining
 the human condition with dignity and respect." (Bruce Schneier)
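
Added example, not part of the original message and not dpkg's own taint check: a shell function that audits a build chroot for the exception discussed in this thread, accepting /usr/local only when its sole file is sbin/policy-rc.d and that file's only relevant line is "exit 0". The function name `check_usr_local` and the verdict words are hypothetical.

```shell
#!/bin/sh
# check_usr_local ROOT prints one verdict word (hypothetical names):
#   clean    - no files under ROOT/usr/local
#   exempt   - only sbin/policy-rc.d, whose sole relevant line is "exit 0"
#   tainted  - anything else
check_usr_local() {
    root=$1
    dir="$root/usr/local"
    [ -d "$dir" ] || { echo clean; return 0; }

    # Every non-directory entry (files, symlinks, devices), relative to usr/local.
    entries=$(cd "$dir" && find . ! -type d | sort)
    if [ -z "$entries" ]; then
        echo clean
        return 0
    fi
    if [ "$entries" != "./sbin/policy-rc.d" ]; then
        echo tainted
        return 0
    fi

    # A symlink could resolve to content that is not tracked at all; refuse it.
    policy="$dir/sbin/policy-rc.d"
    if [ -L "$policy" ] || [ ! -f "$policy" ]; then
        echo tainted
        return 0
    fi

    # Trim whitespace, drop blank lines and comments (shebang included);
    # what remains must be exactly "exit 0".
    relevant=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                   -e '/^$/d' -e '/^#/d' "$policy")
    if [ "$relevant" = "exit 0" ]; then
        echo exempt
    else
        echo tainted
    fi
}
```

A line such as `exit 0 # note` is deliberately reported as tainted, since the check only accepts the exact form named in the thread.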