On 22/06/16 20:11, Matthias Runge wrote: >>> What does Fedora do? > > Fedora forbids pre-built binary objects in their packages (with a very > few exceptions). > > For CentOS, we don't have that restriction. Please correct me, if I'm > wrong. That is right, we dont enforce from source builds, but we do need the content to be open source ideally, or you to have demonstrate-able rights to redistribute unconditionally, any content imported via that route. What would this reproduceable builds chain look like if we were to start looking at Maven/MEAD ? Also, how would we verify the content that goes through ? Also, is this literally just a case of doing a bootstrap or is the intention to stay with that model longer term ? regards, -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc