Re: Trust in the Debian Build Process


I have been working on a program to do this.  My concern has been a
little different, but it tends to solve the same problem.  I have been
observing the failure modes for GNU/Linux machines for a couple of
years.  The current wisdom leans toward implementing RAID to cope with
hardware failures.  If one drive goes kaput, the mirror or raid copes
by filling in for the non-functioning drive.  Unfortunately, the
primary failure mode is *not* catastrophic hardware failure.  Instead,
read errors on the system drive corrupt system binaries until
unexplained errors are noticed by the operator.  

The first step to a solution is to sign or checksum the system
binaries.  ITO that this is quite easy.  I'm planning to start with a
checksum, test it, and then add signing.


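The two-stage plan in the message above, a checksum manifest of the system binaries first and a signature over that manifest later, can be shown end to end in a small script. This is an added illustration, not the program the author says they are writing, and it makes two assumptions: SHA-256 stands in for whatever checksum is chosen, and an HMAC under a key held off the monitored host stands in for the signing step (a public-key signature would slot into the same place). The sample "binaries" and the corrupted byte are constructed in a temporary directory so the script runs offline.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries do not sit in memory


def sha256_file(path):
    """Streamed SHA-256 of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map of relative path -> digest for every regular file under root (symlinks skipped)."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if not p.is_symlink() and p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def serialize(manifest):
    """Canonical byte form (sorted, sha256sum-style lines) so the signature is reproducible."""
    return "".join(f"{d}  {n}\n" for n, d in sorted(manifest.items())).encode()


def sign_manifest(manifest, key):
    # Assumption: HMAC-SHA256 plays the role of the later "signing" step.
    return hmac.new(key, serialize(manifest), hashlib.sha256).hexdigest()


def verify_manifest(root, manifest, signature, key):
    """Check the manifest's signature first, then every listed file against its digest."""
    result = {"manifest_ok": True, "modified": [], "missing": []}
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        result["manifest_ok"] = False  # digests cannot be trusted; stop here
        return result
    root = Path(root)
    for name, digest in sorted(manifest.items()):
        p = root / name
        if not p.is_file():
            result["missing"].append(name)
        elif not hmac.compare_digest(sha256_file(p), digest):
            result["modified"].append(name)
    return result


def demo():
    """Constructed scenario: baseline, then a single flipped byte and a deleted file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF" + bytes(range(256)) * 4)
        (root / "bin" / "cat").write_bytes(b"\x7fELF" + b"cat" * 100)
        key = b"constructed-demo-key"  # assumption: in real use, kept off the monitored host

        manifest = build_manifest(root)
        sig = sign_manifest(manifest, key)
        clean = verify_manifest(root, manifest, sig, key)

        # Simulate the silent read error described in the thread: one bit of bin/ls changes.
        p = root / "bin" / "ls"
        data = bytearray(p.read_bytes())
        data[100] ^= 0x01
        p.write_bytes(bytes(data))
        (root / "bin" / "cat").unlink()  # and one binary disappears entirely
        corrupted = verify_manifest(root, manifest, sig, key)

        # A manifest edited after signing must be rejected before any file is trusted.
        forged = dict(manifest)
        forged["bin/ls"] = sha256_file(p)  # "update" the digest to match the corrupted file
        tampered = verify_manifest(root, forged, sig, key)

        return {"clean": clean, "corrupted": corrupted, "tampered": tampered}


if __name__ == "__main__":
    for label, r in demo().items():
        print(label, r)
```

The manifest is verified before any file is, because an attacker or a second read error that rewrites the digest list would otherwise make a corrupted binary look clean; that is exactly why the message's second stage (signing) matters even after checksums are in place.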