Subject: Re: add builder and build date to +BUILD_INFO
To: Jeremy C. Reed <firstname.lastname@example.org>
From: John Klos <email@example.com>
Date: 10/08/2003 21:53:54
> I am not doing this for integrity checking.
> Even if a package is built in my network -- I'd like to know who
> (automated/bulk-builds user?), when and where (since I build on many
> different machines, some using NFS pkgsrc). I could look at timestamps of
> files, but that isn't easy enough.
> Also, it would be good to know which developer built a package on a
> download site. (Again, I know this can be be forged.) Also, packages are
> available via non-official NetBSD servers too (such as a solaris packages
> project and my soon-to-be-made available Linux packages file server).
This is a good idea. If something is not built properly, it would be
helpful to have more information about the origins of the package than
just the owner ftp.netbsd.org. Perhaps the weekly pkgsrc checks which
remove binary packages for security reasons could automatically let people
know which of their binaries were removed.
Sixgirls Computing Labs