Re: autobuilding, pgp signing, security
> On Mon, 29 Sep 1997, Dale Scheetz wrote:
>
> >I agree that the machine should be given a pgp key, but an individual
> >should be the party responsible for its invocation. A vulnerable machine
> >with its activities determined by a set of cron jobs is not something we
> >should "identify" as a "developer".
>
> The machine will not have a pgp key. The special packaging account will
> have one. Packages will be build under one special user account which can
> be protected with a directory mode 700 on top so that no one can spy into
> things.
But then it isn't "auto-building" any more!
Anyway, the above solution would be my "preferred" solution, but
really I think just a "true" autobuild procedure is OK too.
> I do not think that these partition mounting things etc are necessary.
> Lets get it to work first and then see what additional measures re
> security might be necessary.
Couldn't agree more, and I sortof feel sorry for bringing this up.
All I wanted to say was "please, while you make it work, also think
about security".
But anyway, I think most of us (if not all) agree that we should
go ahead, so what's there to stop us (well, my slow network connection,
and, uhm, df reporting about 30 M free diskspace on my machine).
--
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: