Re: fakeroot a solution for multi-architecture building?
On Sun, 28 Sep 1997, joost witteveen wrote:
> > The packages are only handled by the arch-specific builders AFTER
> > Guy has got them through his procedure of bringing them into the
> > distribution for the initial architectures. They are already verified
> > as authentic.
> The .deb (for new arch) packages cannot be verified as authentic,
> as they don't exist before the arch-specific builders build them.
> > The arch-specific builders could have a special pgp
> > key to authenticate uploades coming from them like any other developer.
> Yes, I know all that. But the point is, that these arch-specific builders
> _have_ to auto-sign the .deb packages they build. That means there
> is a plaintext key _somewhere_ on those arch-specific builders,
> and that seems to open security holes to me.
You understand that this is a trapdoor function? As I understand it, only
some governments have the computational resources to convert the
"plaintext key" into the two prime numbers required to create a "false"
upload, or decode the more secure encoding used between two people.
> Yes, the .tar.gz is authentic, but the .deb's cannot be (well, unless
> you fully trust those machines).
I'm not sure I'm following this argument correctly? What is there about
"those" machines that would make them either trustworthy or not?
As I understand it, only the changes file is pgp signed. Because this file
contains md5 sums for the other "uploaded" files in the release, it acts
to validate them as well. Once you have a valid, verifiable set what's the
aka Dale Scheetz Phone: 1 (904) 656-9769
Flexible Software 11000 McCrackin Road
e-mail: firstname.lastname@example.org Tallahassee, FL 32308
_-_-_-_-_-_- If you don't see what you want, just ask _-_-_-_-_-_-_-
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .