Which part don't you have? The packaging is one more command, no?
-
-
The part where I would have to re-invent the package distribution wheel.
1 reply 0 retweets 1 like -
You do want to reinvent the building wheel though right? The packaging is trivial, and the distribution isn't difficult: You already have to stage official packages while you build and verify them, no?
1 reply 1 retweet 0 likes -
I reproduce the build once. Checksum passes. I deploy the binary (that I now trust) 1000 times using existing distribution channels. Easy is more expensive than free.
1 reply 0 retweets 0 likes -
Yes, agreed. So at the moment, you reproduce the build once, verify the checksum, then deploy the official binary. I'm saying, build it once, then deploy *your* binary. Where is the flaw in that system? You must already be able to run a command on every system, right?
1 reply 0 retweets 0 likes -
I don't have a delivery mechanism for *MY* binary. I don't want to build it - it already exists.
1 reply 0 retweets 0 likes -
Can you run a command on every system?
1 reply 0 retweets 0 likes -
It's my infrastructure - In theory I can build anything to do anything. I don't want to.
1 reply 0 retweets 0 likes -
If I understand correctly, you are seriously concerned your vendors build server is compromised. You're concerned enough that you're willing to rebuild every package manually, but you draw the line at copying files around? Do you at least agree it's not a *strong* argument?
2 replies 0 retweets 0 likes -
It's a non-sequitur for me. I don't see what distribution has to do with validation. Once the checksums match. I have no preference for mine; or the vendors' packaging.
1 reply 0 retweets 0 likes
The difference is you're asking for a lot of work, that could be easily solved today, equivalently, by you?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.