@penguin42
At the time, code names were used for the directory containing packages rather than version numbers, with the version number being a symlink to the code name. This meant that assigning a version number meant only a symlink needed to be synced to mirrors, rather than a whole directory and its packages.
Today those directories only contain metadata so syncing them doesn't require syncing their packages, but they're still symlinks, not directories.
At the time, code names were used for the directory containing packages rather than version numbers, with the version number being a symlink to the code name. This meant that assigning a version number meant only a symlink needed to be synced to mirrors, rather than a whole directory and its packages.
Today those directories only contain metadata so syncing them doesn't require syncing their packages, but they're still symlinks, not directories.
@ariadne
Remove comment, block commenter, move on? Personally, I have little respect for people like that...
Remove comment, block commenter, move on? Personally, I have little respect for people like that...
I like the art and culture I've been exposed to. I enjoyed my time in Varanasi and in Agra, partially because they are so different from what I've experienced.
But if I'm going to have to endure one more day of government-licensed guides who start talking to us because we're in a car near some random monument, I may lose control and actually start smacking people in the face.
Enough.
But if I'm going to have to endure one more day of government-licensed guides who start talking to us because we're in a car near some random monument, I may lose control and actually start smacking people in the face.
Enough.
I mean you're not allowed to just browse in a shop. They need to pull out everything, give you tea, and waste an hour of your time on the off chance you might be convinced to buy something, even while you tell them that you have absolutely zero budget and want to be left alone. They won't stop pulling out more crap, even while you're paying if you are actually buying, until you walk out the door.
Who even does that? Indians, apparently 🤷
Who even does that? Indians, apparently 🤷
After eight days of conference and 11 days of trekking around, I've had enough of Indians just being in your face everywhere. I can't deal with it anymore, really.
Thank f**k we're going home tomorrow.
Thank f**k we're going home tomorrow.
@ariadne
It now has a blurb about 'upgrading' to a static site generator and that it will 'take time' for everything to be up again. Suuuuuure.
It now has a blurb about 'upgrading' to a static site generator and that it will 'take time' for everything to be up again. Suuuuuure.
Did a short thing about [extrepo](https://packages.debian.org/extrepo) at the [DebConf23](https://debconf23.debconf.org) [lightning talks and demos](https://debconf23.debconf.org/talks/51-live-demos-lightning-talks/) slot, which I believe was well received. The video is already [out](https://meetings-archive.debian.net/pub/debian-meetings/2023/DebConf23/debconf23-369-live-demos-lightning-talks.av1.webm)!
@marcan @developing_agent fair enough. And I suppose they're also not going to sue if they have a week case and there is no money to grab. You're not a corporation with several millions in the bank.
@marcan
It means they have too much money and don't mind suing until you get tired if it and go 'fine, give me that paper', it run out of money, whichever comes first.
No, you should not give in. Yes, it does happen.
@developing_agent
It means they have too much money and don't mind suing until you get tired if it and go 'fine, give me that paper', it run out of money, whichever comes first.
No, you should not give in. Yes, it does happen.
@developing_agent
@raboof @ska @reproducible_builds Sure; I meant to say that you can detect trusting trust issues without bit-by-bit identical binaries. Having those makes the detection even easier, of course!
@ska @reproducible_builds Note that reproducible builds doesn't necessarily give you bit-for-bit identical binaries, and that's also not necessary. What they give you is a toolkit to figure out which changes are normal results of different build dependencies, and which ones aren't. Things like diffoscope, e.g.
@ska @reproducible_builds If I build a version of some reproducibly-built software using a compromised tool chain and you built it using a non compromised one, and you shared the relevant bits of the output with me, then we know that one of us has a fishy compiler and the trusting trust issues are discovered.
That still leaves figuring out what happened, of course, but you don't need to be an expert to get this far. With your method of auditing binaries, you do.
That still leaves figuring out what happened, of course, but you don't need to be an expert to get this far. With your method of auditing binaries, you do.
@autism101 @actuallyautistic Some (also spectrum) people find emails extremely difficult to deal with properly and prefer getting a phone call... 🤷
Maybe better to discuss with the party involved and see what works for the both of you?
Maybe better to discuss with the party involved and see what works for the both of you?