Request for sponsor and review of: lazarus and fpc
Joost van der Sluis
joost at cnoc.nl
Tue Jul 26 09:56:41 UTC 2005
Orion, thanks for looking into the package.
On Mon, 25 Jul 2005, Orion Poplawski wrote:
> Jens Petersen wrote:
> > Orion Poplawski wrote:
> >
> > Thanks for the review.
> >
> >
> >>POSSIBLY VERY BAD:
> >>
> >> - tar.gz of binary executables as part of the package!
> >
> >
> > This is basically needed to bootstrap fpc.
> >
> > Jens
> >
>
> Yeah, but what *are* they? From a security standpoint alone putting
in
> binaries seems suspect. Also, there is no license info for that
> package. I think you would need to provide the source for those
> binaries and build them as part of the fpc build process.
The provided binaries are exactly the same as the binaries which are
build. So after that the compiles is bootstrapped, you can check if the
provided binaries are the same as the ones which are freshly compiled.
Maybe I should add a readme to the binary-tarbal and a COPYING-file.
Basicly the provided binary should be the 'previous' version from fpc,
but then you would use a 'strange' binary, so i choosed to use the same
version as the version which is build.
Also the provided binaries aren't used in the final installation. So
they're only in the src-package. I think that this is the best solution
to introduce this new compiler.
I'm looking at the other problems with the package (can't find the
missing latex/tetex package. Removed almost everything, i'll find it
later today and send the new version to the list)
Regards,
Joost.
More information about the fedora-extras-list
mailing list