tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Updating plans of lang/ghc

On Fri, 10 Jan 2014 11:59:33 +0900, PHO <> wrote:

From: David Holland <>
Subject: Re: Updating plans of lang/ghc
Date: Thu, 9 Jan 2014 19:24:34 +0000

 > Well... I'm puzzled. Are you saying I have to prove that machines I
 > used to build my kits were not trojanized by any means? Obviously I
 > can't. No one on the earth can prove such things.

No, only that you've taken reasonable (or equivalently, adequately
paranoid) steps to be careful about securing the machines involved and
not exposed the builds to known hazards.

(Cloud hosting is one known hazard, for example, that's probably best
avoided for any binaries like this.)

Okay. Here's an updated summary of my bootstrap kits:

* NetBSD/amd64, FreeBSD/i386, Darwin/ppc [SAFE]: These kits were built
  on my secured private machines under my exclusive control.

* Linux/amd64 [UNSAFE]: I built my kit for this one on a machine
  shared with my co-workers with root access.

* NetBSD/i386 [UNSAFE]: I built my kit for this one on an Amazon EC2
  instance (although it's private).

Then, at least, is it OK to put bootstrap binary kits for
NetBSD/amd64, FreeBSD/i386, Darwin/ppc?

Probably, about bootstrap kit, same situation with lang/openjdk7.
But I cannot find how current openjdk7 bootstrap binaries was allowed.
Anyone know where I can see such discussion?

OBATA Akio /

Home | Main Index | Thread Index | Old Index