Re: How to improve Debian security, and avoid trojans...
On Mar 29, Nicolás Lichtmaier wrote
> Developers would upload only source packages. The load needed to build
> every uploaded package may be important. So the work can be handled by
> several *VERY* trusted machines on the net (3 or 4). The machine would
> periodically check an ftp dir on master / download the source packages
> / build them / and upload the .deb. This could be done with low priority..
> something like the RC5 contest.. =)
That's very interesting. Might work for Intel, but where are you going to
find trusted m68k machines with a decent-speed network connection (for this
sort of project, I don't think modem speeds will cut it)?

Plus that gives us around 10 (assume 3-4 for Intel, 2 or so for the other
arches) very big points of vulnerability. And it doesn't do anything about
source packages that are sabotaged from the start.

The only good thing I can see is that the packages would all be built on a
consistent system. Oh, and it would force package developers to put
blindly-buildable sources up (which I view as a good thing, although most
developers probably don't need the additional hassle).
Chris
--
============================================================================
| Chris Lawrence | The Linux/m68k FAQ |
| <quango@ix.netcom.com> | http://www.clark.net/pub/lawrencc/linux/faq/ |
| | |
| Amiga A4000/040 and | The Internet Link Exchange |
| Linux/m68k 2.1.29 | http://www.linkexchange.com/ |
============================================================================