Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
[opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Guenter Dannoritzer <kratfkryksqq@xxxxxxxxxxxxx>
  • Date: Thu, 01 Nov 2007 16:03:08 +0100
  • Message-id: <fgcprd$kqj$1@xxxxxxxxxxxxx>
Dirk Stoecker wrote:

Some suggestion I got when writing this.

1) Is it possible to view the packages source files from the point of
non-registered users? If not, this should be possible.

Actually, how about the packager can provide a link to the original md5
checksum and if the source code used to build that package passes the
md5 checksum there is some confidence LED showing up next to the
1-Click-Install button of that package.

Now that leaves the problem with applied patches and I don't know how
extensive they are getting. But how about having the possibility to view
the applied patches.

It would also be good to have the packager add a comment about why this
patch is applied and where it comes from. That comment could also be
shown to the end user.

Those measures would allow a user of a packager to trace back what got
changed from the original source code.



To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >