
Re: buildd hosts



On Thu, Apr 26, 2001 at 01:26:28PM -0500, Christian T. Steigies wrote:
> On Thu, Apr 26, 2001 at 11:15:50AM -0700, Mike Fedyk wrote:
> > On Thu, Apr 26, 2001 at 11:52:34AM -0500, Michael Shuey wrote:
> > > I believe Mike isn't asking how I'd verify access for Debian developers on
> > > my machine; he's asking how you Debian developers can prove that I haven't
> > > modified my Mac to insert untrusted binaries into the distribution.  Keep
> > > in mind I'm not a Debian developer, so my PGP keys aren't on the official
> > > keyring.  I'm just some guy with a spare Mac. :-)
> > > 
> > Yes, that's it exactly...
> These days most packages are built in a chroot. You don't know what a chroot
> is? How do you want to put untrusted binaries in it ;-)

Yes, I know about chrooting, but not the intricacies of that environment.

I've read about modified compiler binaries producing more modified binaries.

> Basically, the buildd maintainer on that machine installs another system
> from scratch which runs inside your running Linux by downloading packages
> from the Debian servers or by unpacking a prepared chroot onto your machine.
> We trust Michael when he built that chroot.tgz (as Michael trusts me when
> Roman and James wrote buildd and sbuild). And maybe you trust me when I
> built the last base.tgz...
> I think it'd be rather hard for you to get untrusted binaries into the
> building system, not impossible, but a complete waste of time (who would be
> hit by untrusted binaries after all? Only the buildd machines, or does any
> serious business run on m68ks?). I think if somebody wanted to play jokes on
> us, he'd pick any arch but m68k... (this is not an invitation!).

I know we're all volunteers, but this makes me wonder how hard it would be
to really mess up the Debian project like this.  I'm probably not the first
to think of this too.

Mike


