On 10/26/2016 02:45 PM, Pavel Raiskup wrote:
On Wednesday, October 26, 2016 1:33:34 PM CEST Florian Weimer wrote:
Debian does not build from SCM, but directly from maintainer-uploaded
source packages, so there is no need to have a private SCM.
Do we have a good marketing for the fact that we are that "superior"
compared to Debian then? Sounds like a main thing for distro comparison
article: It sounds like this is much, *much* more difficult to get malicious
software into distribution (without noticing) for Fedora packager than for
Debian packager, right?
You need people to actually look at stuff that's being uploaded. I
don't think there is a key difference between Fedora and Debian as far
as this aspect is concerned.
In addition, Koji likely allows you to create tagged builds which came
from SRPMs, so I don't think there is an actual difference here in
terms of attack surface (at least not in Fedora's favor).
Florian