
Re: fakeroot a solution for multi-architecture building?



> With fakeroot there is a way to securely build packages without
> risking some trojan horse in the debian/rules or similar things.

As the author of fakeroot, I really like this idea.
(And, I would like to say I'm working on your VIRTUAL_ROOT idea,
although in a somewhat different form than you suggested. And, it
may take some time to write it).

But there's one problem I haven't heard anyone report yet:

What about the pgp signatures for the .deb files?

Usually, the maintainer signs the .changes file, and thus vouches
for the integrity of the .deb archive. But with automated .deb
creation, just any computer on the "automated build list" can
insert .deb files that are corrupt.

So, for example, if my computer were on the list of computers
that can generate i386 archives, and I have samba installed
(I did, yesterday), any cracker can break into my system with
that samba bug, and upload .deb's modified to do whatever they
want[1]. Would it be wise to require that those build-systems
have a trimmed-down /etc/inetd.conf? Or maybe that they don't
have many users that could break into the system?



[1] Yes, I know in principle that's possible now too, a cracker
    could have broken into my computer, and modified dpkg-deb
    on my system. But it's not as easy, and it will only work
    while I'm building .debs (They'd need my private pgp key)

-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
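The message above relies on the maintainer's signature over the .changes file to vouch for the .deb archives it lists: whoever checks the upload has to verify not only the signature but also that each .deb on disk matches the checksum and size the signed file names. The following is an added illustration of that second step, not code from this thread or from fakeroot/dpkg. It assumes the signature over the .changes text has already been verified separately (e.g. with gpg), uses the Checksums-Sha256 field of modern .changes files rather than the md5-based Files field of the era, and the .changes text and .deb contents are constructed sample data.

```python
"""Check the .deb files named in a (already signature-verified) .changes
file against the checksums and sizes the maintainer signed.

Added illustration, not code from the thread. The Checksums-Sha256 field
layout used here ("<sha256> <size> <filename>", one entry per indented
line) is the one real .changes files carry today; the sample data is
constructed and the "deb" contents are not real archives.
"""
import hashlib

# Constructed sample "archives" keyed by filename (not real .deb files).
SAMPLE_DEBS = {
    "fakeroot_0.0.1_i386.deb": b"constructed deb contents A",
    "fakeroot-doc_0.0.1_all.deb": b"constructed deb contents B",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_changes(debs: dict) -> str:
    """Build the Checksums-Sha256 field a maintainer would sign for `debs`.

    Constructed helper so the example runs offline; in practice the field
    is written by dpkg-genchanges and signed by the maintainer.
    """
    lines = ["Format: 1.8", "Checksums-Sha256:"]
    for name, data in debs.items():
        lines.append(f" {sha256_hex(data)} {len(data)} {name}")
    return "\n".join(lines) + "\n"


def parse_checksums_sha256(changes_text: str) -> dict:
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field."""
    entries = {}
    in_field = False
    for line in changes_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
            continue
        if in_field:
            # Field values continue on indented lines; an unindented line
            # starts the next field.
            if not line.startswith(" "):
                break
            parts = line.split()
            if len(parts) != 3:
                raise ValueError(f"malformed checksum line: {line!r}")
            digest, size, name = parts
            entries[name] = (digest.lower(), int(size))
    if not entries:
        raise ValueError("no Checksums-Sha256 entries found")
    return entries


def verify_upload(changes_text: str, debs: dict) -> dict:
    """Compare the archives actually present against the signed list.

    Returns {filename: status} where status is one of "ok", "missing",
    "size mismatch", "checksum mismatch" or "not in .changes". Anything
    other than "ok" means the signature does not vouch for that file.
    """
    expected = parse_checksums_sha256(changes_text)
    results = {}
    for name, (digest, size) in expected.items():
        data = debs.get(name)
        if data is None:
            results[name] = "missing"
        elif len(data) != size:
            results[name] = "size mismatch"
        elif sha256_hex(data) != digest:
            results[name] = "checksum mismatch"
        else:
            results[name] = "ok"
    # A file a build machine added that the maintainer never signed for
    # is exactly the case the message worries about: flag it explicitly.
    for name in debs:
        if name not in expected:
            results[name] = "not in .changes"
    return results


if __name__ == "__main__":
    signed = make_changes(SAMPLE_DEBS)
    print(verify_upload(signed, SAMPLE_DEBS))
    tampered = dict(SAMPLE_DEBS)
    tampered["fakeroot_0.0.1_i386.deb"] = b"constructed deb contents X"
    print(verify_upload(signed, tampered))
```

The check deliberately treats an unlisted file as a failure rather than ignoring it: a build host that can drop extra archives into an upload is the scenario the message describes, and only files the maintainer's signature covers should be accepted.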

