On Sat, Nov 28, 1998 at 07:32:17PM +0100, "J.H.M. Dassen Ray" wrote:
> Please note that uploads of Debian packages already contain a digital
> signature for the binary packages as part of the .changes file.
> Unfortunately, this information isn't part of the Debian packages
> themselves, so an end user can't verify it, and a malicious mirror could
> insert trojan packages.

What can we do against this? I guess most users, at most, verify their
packages using the Debian keyring from the mirror/CD, so somebody could even
circumvent the digital signature by changing the key of a developer in the
keyring...

> > One possible solution may look like this:
> >
> > Centralize the actual build process.
>
> There are certainly merits to this, and I'd like to see this implemented, if
> it's feasible. It would also prevent disasters like the libc compiled with a
> broken /usr/local/bin/gcc we're now in the process of recovering from.

I do not think so. If we installed the buggy libc centrally, we would have
every package compiled with the wrong library...

> I'm not sure if it's feasible yet. I don't know if we have enough power
> available in net.connected machines to pull it off. Also, we'd need a way to
> give some builds priority (e.g. security fixes).

Build only on net-connected machines? This is just another security hole. Are
you sure nobody can gain root access to master? It is a lot more secure to
build the binaries on developers' machines which are not connected, or not
permanently connected, to the net.

> Ray

cu
Torsten
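An added example, not from this thread, of the verification model the reply argues for: the client trusts a developer key it pinned beforehand rather than a keyring fetched from the mirror, and checks every served file against the signed manifest. It is written in Go with Ed25519 standing in for the PGP signature on the .changes file; the Files: stanza, the package name and the package bytes are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"fmt"
	"strings"
)

// buildManifest is a constructed stand-in for the Files: stanza of a
// .changes file (one " md5sum size section priority filename" line each).
func buildManifest(files map[string][]byte) []byte {
	var b strings.Builder
	b.WriteString("Files:\n")
	for name, data := range files {
		fmt.Fprintf(&b, " %x %d admin optional %s\n", md5.Sum(data), len(data), name)
	}
	return []byte(b.String())
}

// VerifyRelease trusts only a key the client pinned in advance (never one
// fetched from the mirror), then checks every served file against the signed
// manifest. It returns an error naming the first check that failed.
func VerifyRelease(pinned ed25519.PublicKey, manifest, sig []byte, served map[string][]byte) error {
	if !ed25519.Verify(pinned, manifest, sig) {
		return fmt.Errorf("manifest signature does not verify against pinned key")
	}
	for _, line := range strings.Split(string(manifest), "\n") {
		f := strings.Fields(line)
		if len(f) != 5 {
			continue // the "Files:" header or the trailing blank line
		}
		data := served[f[4]] // nil if the mirror did not serve it at all
		if fmt.Sprintf("%x", md5.Sum(data)) != f[0] || fmt.Sprint(len(data)) != f[1] {
			return fmt.Errorf("%s: missing, or hash/size differ from signed manifest", f[4])
		}
	}
	return nil
}

// Scenario plays out three mirrors: an honest one, one that swapped the .deb
// under a valid manifest, and one that re-signed a fresh manifest with its own
// key (what a swapped developer key in a mirror-supplied keyring would enable).
func Scenario() (honest, trojan, resigned error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // the pinned developer key
	files := map[string][]byte{"foo_1.0-1_i386.deb": []byte("original package")}
	manifest := buildManifest(files)
	sig := ed25519.Sign(priv, manifest)
	honest = VerifyRelease(pub, manifest, sig, files)
	bad := map[string][]byte{"foo_1.0-1_i386.deb": []byte("trojaned package")}
	trojan = VerifyRelease(pub, manifest, sig, bad)
	_, evil, _ := ed25519.GenerateKey(rand.Reader) // the mirror operator's key
	m2 := buildManifest(bad)
	resigned = VerifyRelease(pub, m2, ed25519.Sign(evil, m2), bad)
	return
}
```

Only the pinned key decides whether the manifest is trusted, so a keyring or re-signed manifest served by the mirror buys the attacker nothing; the swapped .deb is caught by the hash and size lines the signature covers.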