28 Jan 2011, 2:32 p.m.
Another aspect of this is security. Right now, any dev / TU could theoretically check in a correct PKGBUILD but upload a binary package with *insert malicious content* in it to the repos with a very low probability of anyone ever noticing. A (mandatory) central build server could guarantee that the package is actually built with the specified publicly available PKGBUILD. I'm not a security expert so please call me out if I'm talking nonsense.