Re: Trust in the Debian Build Process

To: Thomas Roessler <roessler@guug.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Trust in the Debian Build Process
From: Raul Miller <rdm@test.legislate.com>
Date: Mon, 30 Nov 1998 06:50:01 -0500
Message-id: <[🔎] 19981130065001.A16369@hazel>
Mail-followup-to: Thomas Roessler <roessler@guug.de>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 19981116142900.B19100@sobolev.rhein.de>; from Thomas Roessler on Mon, Nov 16, 1998 at 01:30:17PM -0000
References: <[🔎] 19981116142900.B19100@sobolev.rhein.de>

Thomas Roessler <roessler@guug.de> wrote:
> The essential problem we have to face is that every Debian developper
> and whoever controls the machines developpers are using has trivial
> root access to every Debian system his package is installed on.

The essential solution to this problem is redundancy and testing:

(1) We need robust testing of the resulting packages.  We're working
on this, but have a ways to go.

(2) We need a way of confirming that binaries are built properly.
As far as I know, no one is tackling this.

Any solution is going to have vulnerabilities.  A distributed solution
is going to scale better than a centralized solution.

-- 
Raul

Reply to:

References:
- Trust in the Debian Build Process
  - From: Thomas Roessler <roessler@guug.de>

Prev by Date: Re: Draft new DFSG - r1.4
Next by Date: XFree86-3.3.3 is really not in slink?
Previous by thread: Re: Trust in the Debian Build Process
Next by thread: Libc6-doc Whats's up...
Index(es):
- Date
- Thread