[buildd-tools-devel] Bug#607945: Bug#607945: Bug#607945: Bug#607945: sbuild: can haz I entropy?

Modestas Vainius modestas at vainius.eu
Sun Jan 2 13:12:28 UTC 2011 

Hello,

On ketvirtadienis 30 Gruodis 2010 20:33:48 Roger Leigh wrote:
> On Thu, Dec 30, 2010 at 07:24:20PM +0100, Cyril Brulebois wrote:
> > Roger Leigh <rleigh at codelibre.net> (30/12/2010):
> > > > Per host.  It's stored in /var/lib/sbuild/apt-keys .
> > > 
> > > Note that if there's a reason to do it per-chroot, we can do that.
> > > I couldn't envisage any security issues in sharing this key between
> > > chroots, but if there are it's a simple change.
> > 
> > Was just wondering whether this might make sense to move key creation
> > to sbuild's install time (openssh-server's style). Might be, if/when
> > the default resolver gets changed.
> > 
> > (“make sense” as in “can be thought of if it's per-host, and not if
> > it's per-chroot”; other considerations left aside.)
> 
> I did consider triggering this in the postinst.  I was concerned that
> this could break package installation on systems with scarce entropy
> by blocking package installation indefinitely.  Since this is currently
> an optional feature, I opted to allow generation when required.
> 
> After squeeze, I'd like to look at moving to the apt resolver (having
> more consistent/predicatable behaviour than aptitude). 

Oh, that's a myth with deep history apparently. Could you point me to a single 
case where (modern) aptitude resolver failed recently? With current safeguards 
in place, it should be very reliable and thanks to it, experimental is no 
longer a PITA making many people (including me) happy.

As long as apt-get does not consider dependencies from non-default sources, it 
won't be an option for non-unstable buildds. And apt-get resolver is not 
configurable at all (don't know about that new stuff in apt/experimental 
though).

P.S. This does not mean I advocate aptitude as default resolver. I'm just 
acting a role of mythbuster, someone has to :)

-- 
Modestas Vainius <modestas at vainius.eu>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20110102/18eefe6c/attachment.pgp>

More information about the Buildd-tools-devel mailing list