[linux-elitists] Surveillance

Marc MERLIN marc at merlins.org
Sat Sep 7 18:26:48 PDT 2013


On Sat, Sep 07, 2013 at 05:11:33PM -0700, Don Marti wrote:
> Which means I need to set up that build the source
> package and check that the binaries match thing.
> Anyone doing this already for your favorite
> distribution?
 
I did that at Google for our distribution that runs in production,
well more specifically we don't run upstream binaries at all. We've
re-bootstrapped our own distribution, maintain and compile our own openssl,
openssh and so forth.

We also have mostly binary invariant builds, and yes that was work, we had
to patch stuff for sure.
However, that process didn't tell us if the upstream binaries were the same
because we modified most of our source to be leaner and compiled differently
than upstream.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  

