
Re: fakeroot a solution for multi-architecture building?



[much I agree with deleted]

> where is the difference between having the pgp phase in kmem and having
> a sniffer program running as root, that will record the pass phrase when
> you build a package on your machine ? the security problem is the same
> in my opinion.

OK, yes, there isn't much difference.

All I was saying was that there _was_ something to worry about,
and fortunately you agree with me that we have to make the
build machines secure (whatever that takes).

Remember, I wrote fakeroot, and one major reason for me to put
so much time in it (and I do put a lot of time in fakeroot) is
precisely because I wanted to enable auto-building. So, I do
want it to go ahead. It's just that I do think we need to think
about making those build machines as secure as we can.


-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/

