
Re: fakeroot a solution for multi-architecture building?



joost witteveen <joost@rulcmc.leidenuniv.nl> wrote:
> Now comes the (simple) attack: just exploit the samba bugs on alpha-build,
> and you are now able to create packages that dinstall will trust.
> (if alpha build can do it automatically, then surely someone who broke
> root can do it). So, you simply remove those silly checks for pgp-correctness
> of the developers, and you make it create any package you like, that
> does whatever you like, and let alpha-build sign it with the pgp key
> that dinstall trusts, and let alpha-build upload it to master.

This can also happen on regular developers' machines.  [It's not
as if the developer routinely audits the source to see if it's
been altered.]

The solution is auditing, of course. If someone runs packages in a
quarantine area, and notes (and reports) any unusual behavior, that
would be a good thing (and not too hard to implement). The more and more
varied these quarantine areas are, the better.

Another good thing would be people examining the source. This might be
classes of students, maybe professional security firms, and, of course,
developers and maintainers.  Ultimately, if no one understands the
source the program cannot be considered secure.

Finally, it would be good to have a *simple* program to compare
binaries.  This way, independently generated binaries could
be held up against each other.  I believe this is an unmet need.
[Anything based on libbfd doesn't qualify, I suspect.]

If an auto-ported release turns up compromised then everything that's
gone through the release site should be considered compromised.

Ideally, after several major releases to get things smooth, we'd have
this kind of checking pretty well done before each release is announced.

-- 
Raul
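
A sketch of the kind of simple binary comparison the message asks for, added here as an illustration and not part of the original post: it holds two independently generated builds against each other and reports, per file, the byte ranges that differ. The build contents, file paths and function names are constructed for the example.

```python
# Added example: compare two independently generated builds file by file.
# All paths and contents below are constructed sample data.

def diff_ranges(a: bytes, b: bytes, gap: int = 4):
    """Return half-open (start, end) byte ranges where a and b differ.

    Differing bytes at most `gap` bytes apart are merged into one range.
    A length mismatch is reported as a final range past the common part.
    """
    ranges = []
    common = min(len(a), len(b))
    start = last = None
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i
            elif i - last > gap:
                ranges.append((start, last + 1))
                start = i
            last = i
    if start is not None:
        ranges.append((start, last + 1))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b))))
    return ranges

def compare_builds(build_a: dict, build_b: dict):
    """Compare two builds given as {path: bytes}; return {path: verdict}."""
    report = {}
    for path in sorted(set(build_a) | set(build_b)):
        if path not in build_a or path not in build_b:
            report[path] = "missing in one build"
        elif build_a[path] == build_b[path]:
            report[path] = "identical"
        else:
            report[path] = diff_ranges(build_a[path], build_b[path])
    return report

# Constructed sample: same code, an embedded build date that differs,
# and one file that only the second build contains.
BUILD_A = {"usr/bin/tool": b"\x7fELF" + b"code" * 8 + b"1998-01-01",
           "usr/share/doc/README": b"docs\n"}
BUILD_B = {"usr/bin/tool": b"\x7fELF" + b"code" * 8 + b"1998-01-02",
           "usr/share/doc/README": b"docs\n",
           "usr/bin/extra": b"x"}

if __name__ == "__main__":
    for path, verdict in compare_builds(BUILD_A, BUILD_B).items():
        print(path, verdict)
```

A short, localized range (such as an embedded date) is easy to explain; a file present in only one build, or differences spread through the code, is what an auditor would want reported.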

