Re: Trust in the Debian Build Process

Thomas Roessler <roessler@guug.de> wrote:
> The essential problem we have to face is that every Debian developer
> and whoever controls the machines developers are using has trivial
> root access to every Debian system his package is installed on.

The essential solution to this problem is redundancy and testing:

(1) We need robust testing of the resulting packages.  We're working
on this, but have a ways to go.

(2) We need a way of confirming that binaries are built properly.
As far as I know, no one is tackling this.

Any solution is going to have vulnerabilities.  A distributed solution
is going to scale better than a centralized solution.
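As an added illustration of point (2), written by the editor and not taken from the message or from any Debian tooling: one distributed way to confirm that a binary was built properly is to have several independent machines rebuild the same source package and accept the maintainer's upload only when its hash matches a majority of those rebuilds. The builder names, the byte strings standing in for build output, and the quorum rule below are all constructed for the example; a real deployment would hash the actual .deb files produced by each rebuilder.

```python
import hashlib
from collections import Counter

# Constructed sample: the bytes each independent rebuilder produced for the
# same source package.  Two builders agree; the third embeds a build
# timestamp (or was tampered with), so its output differs.
SAMPLE_BUILDS = {
    "builder-a": b"\x7fELF...package payload...",
    "builder-b": b"\x7fELF...package payload...",
    "builder-c": b"\x7fELF...package payload... built 1999-03-01 12:00",
}


def sha256_hex(data: bytes) -> str:
    """Hash one build artifact; SHA-256 is the example's choice, not Debian's."""
    return hashlib.sha256(data).hexdigest()


def hash_builds(builds: dict) -> dict:
    """Map each rebuilder name to the hex digest of the artifact it produced."""
    return {name: sha256_hex(data) for name, data in builds.items()}


def check_consensus(hashes: dict, min_agreeing: int = 2):
    """Find the hash a strict majority of rebuilders agree on.

    Returns (consensus_hash or None, agreeing_builders, dissenting_builders).
    A strict majority is required so that an even split never yields a
    winner chosen by dictionary order; min_agreeing guards the degenerate
    case of a single rebuilder "agreeing with itself".
    """
    counts = Counter(hashes.values())
    top_hash, top_count = counts.most_common(1)[0]
    if top_count < min_agreeing or top_count * 2 <= len(hashes):
        return None, [], sorted(hashes)
    agreeing = sorted(n for n, h in hashes.items() if h == top_hash)
    dissenting = sorted(n for n, h in hashes.items() if h != top_hash)
    return top_hash, agreeing, dissenting


def verify_upload(uploaded: bytes, hashes: dict, min_agreeing: int = 2):
    """Accept the maintainer's uploaded binary only if it matches the quorum.

    Returns (accepted, reason).  A dissenting rebuilder does not block
    acceptance by itself, but it is reported so someone can look at why
    its output differed (non-reproducible build, or a compromised host).
    """
    consensus, agreeing, dissenting = check_consensus(hashes, min_agreeing)
    if consensus is None:
        return False, "no majority among rebuilders; nothing to compare against"
    if sha256_hex(uploaded) != consensus:
        return False, "uploaded binary differs from the independent rebuilds"
    reason = "matches rebuilds by " + ", ".join(agreeing)
    if dissenting:
        reason += "; dissenting: " + ", ".join(dissenting)
    return True, reason


if __name__ == "__main__":
    digests = hash_builds(SAMPLE_BUILDS)
    for name, digest in digests.items():
        print(f"{name}: {digest[:16]}...")
    # Honest upload identical to builder-a's output: accepted, builder-c flagged.
    print(verify_upload(SAMPLE_BUILDS["builder-a"], digests))
    # Upload matching only the odd builder out: rejected.
    print(verify_upload(SAMPLE_BUILDS["builder-c"], digests))
```

The quorum rule is where the "any solution is going to have vulnerabilities" caveat bites: a majority check only helps if the rebuilders are genuinely independent (different administrators, different toolchain sources), and it cannot catch a backdoor that is already in the source package, which is what point (1), testing the resulting packages, is for.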


