Date: Tue, 13 Dec 2022 19:05:19 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: Xin LI <delphij@gmail.com> Cc: freebsd-ports@freebsd.org Subject: Re: lang/rust is super slow to buildZ Message-ID: <p076oop5-1n5o-4p15-q7q2-s1n9r1sq2575@mx.roble.com> In-Reply-To: <CAGMYy3vBKnroT4OJpsYGOckAf79AMXiARmCkNDuDgt2jEfmZ6A@mail.gmail.com> References: <EDE0639D-04CE-44C6-922D-159F45576296@patmaddox.com> <c2c55e9a-3af7-19b9-a9f4-060cd4e1f584@bluerosetech.com> <CAGMYy3shq_Jdgd7-GppOJsGKup=RpUk-p%2B=OBbOs5107b1aWhw@mail.gmail.com> <39n96570-44r2-opnp-512n-po85597n6qn6@mx.roble.com> <CAGMYy3vBKnroT4OJpsYGOckAf79AMXiARmCkNDuDgt2jEfmZ6A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Dec 2022, Xin LI wrote: > Using prebuilt binaries is not necessarily compromising security when done > right. I think to ensure safety of these prebuilt binaries, we need to > invest in e.g. making package builds reproducible (so an independent third > party can audit and validate that the binaries are actually built from the > source that they claimed to be when they want), ensure that the builders > are safe, and sign the packages on the builders. Reproducable builds, a packaged base and paid staff to maintain the vuxml db (and perhaps support for containerd and wakeonlan) would go a _long_ way towards getting FreeBSD back onto the short list of popular server operating systems. Alas, none of these seems to be a priority for the Board. Roger Marquis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p076oop5-1n5o-4p15-q7q2-s1n9r1sq2575>