
Re: How to improve Debian security, and avoid trojans...



On Fri, 28 Mar 1997, Chris Lawrence wrote:

> On Mar 29, Nicolás Lichtmaier wrote
> >  Developers would upload only source packages. The load needed to build
> > every uploaded package may be important. So the work can be handled by
> > several *VERY* trusted machines on the net (3 or 4). The machine would
> > periodically check an ftp dir on master / download the source packages
> > / build them / and upload the .deb. This could be done with low priority..
> > something like the RC5 contest.. =)
> That's very interesting.  Might work for Intel, but where are you going to
> find trusted m68k machines with a decent-speed network connection (for this
> sort of project, I don't think modem speeds will cut it)?

 But.. something like this is already working for non-Intel machines!!! We
upload the source and the Intel binary. The m68k port maintainer downloads
just the source package and builds it. It's just a matter of trusting the
m68k maintainer.. =)

> Plus that gives us around 10 (assume 3-4 for Intel, 2 or so for the other
> arches) very big points of vulnerability.  And it doesn't do anything about
> source packages that are sabotaged from the start.
> The only good thing I can see is that the packages would all be built on a
> consistent system.  Oh, and it would force package developers to put
> blindly-buildable sources up (which I view as a good thing, although most
> developers probably don't need the additional hassle).

 I think you are failing to see the big increase in the ability to control
the work of developers. I think that the way to control the work of the
developers isn't a closed system.. I don't like the `make world' scheme...
I think that the best way is testing the final product. But this is
IMPOSSIBLE without seeing the source. The binaries should be checked for
bugs, and the source for trojans. Perhaps it will be impossible to check
every source, but we could check the ones by unknown developers. We can
even think of a scheme where every developer gets the responsibility for
checking another source. And all of this can't be done if developer-built
binaries are allowed to make it into the final release.

-- 
Nicolás Lichtmaier.-  | Try visiting #debian in Undernet.
nick@feedback.com.ar  | The channel of the debian developers =)

