On Wed, 12 Aug 2009, Joseph L. Casale wrote:
I didn't 'get' the security implications of the rebuild stuff til it was explained to me the other day.
Share the knowledge:) Aside from the delay involved while the devs build rpm's from the srpm's, is there more to it?
This thread will never end if it starts running 'DC al Coda' and ad infinitum.
There are build order dependencies, and build environment checking, to get to a 'warts and all' replication of the upstream's binary product, detailed yet again, as I recall in a post from hughesjr earlier in this thread. Karanbir's cited response post as to one of the external press articles alludes to it as well. The 'I think SL is a possibility' subthread as well notes that this is a slippery slope that sometimes has minor cracks.
_Please_ read it from the freely open pipermail archive, rather than reprising here
--Russ herrold