Re: Official Debian digital 'branding' of debs
>>"Chris" == Chris Lawrence <email@example.com> writes:
Chris> I suspect that the only "secure" solution is to give every developer
Chris> boxes that run every Debian architecture, and make each developer
Chris> compile their packages on each box... these boxes to be behind a
Chris> firewall, with packages distributed by burning them on CD and mailing
Chris> them to the "home office."
Chris> For starters: How do you "verify" the build daemon is not compromised
Chris> without being at the console? If it *is* compromised, you can be
Chris> spoofed into thinking it isn't by any method of remote access.
Chris> I suspect there are much wider holes in our security than the build
Chris> daemons. To name one example: any developer's machine can be
Chris> compromised, his key stolen (and $20 says at least one developer has
Chris> no passphrase on his secret PGP key), and then the entire archive can
Chris> be corrupted by uploading bogus packages to master (all automatic).
Chris> If we're lucky, someone might catch the problem from the Installed
Chris> messages before it propagated to all of the mirrors...
My machines are behind a firewall. No remote inbound access is
allowed. telnetd/rsh are disallowed, and ssh will not allow fall back
to less secure methods.
My key is never on a networked machine. To sign a package, I
physically disconnect the network, cold boot from known media (no
processes that I don't know about), mount my key, sign, unmount my
key, and revert to a connected state.
My pass phrase is over 70 characters in a non-English language.
I take my security seriously.
Unix is like a toll road on which you have to stop every 50 feet to
pay another nickel. But hey! You only feel 5 cents poorer each
time. --Larry Wall in <1992Aug13.firstname.lastname@example.org>
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
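The "disconnect, boot clean, mount key, sign, unmount" routine described in the reply above can be turned into a guard that refuses to sign unless the host really is offline. The script below is an added example written for this page; it is not Debian's tooling, not the author's script, and the paths it relies on (Linux sysfs under /sys/class/net, gpg on PATH, key media mounted at the directory passed as the second argument, output written as <file>.asc) are assumptions, not anything the thread states.

```shell
#!/bin/sh
# Added example, not Debian or the poster's tooling: refuse to sign a
# .changes/.dsc unless every non-loopback network link is down, then sign
# with a key ring that lives on separately mounted media.
# Assumptions: Linux sysfs at /sys/class/net, gpg on PATH, key media
# mounted at the directory given as $2, signed copy written as $1.asc.

# Decide whether every non-loopback interface is down.
# $1: listing of "ifname operstate" lines (the format link_states prints).
# Fails closed: only the literal "down" is accepted; "up", "unknown",
# "dormant" and anything else count as connected.
all_links_down() {
    printf '%s\n' "$1" | while read -r name state; do
        [ -z "$name" ] && continue        # skip blank lines
        [ "$name" = "lo" ] && continue    # loopback reports "unknown"
        [ "$state" = "down" ] || exit 1   # leaves the pipeline subshell
    done
}

# Read live interface states from sysfs, one "ifname operstate" per line.
link_states() {
    for d in /sys/class/net/*; do
        [ -r "$d/operstate" ] || continue
        printf '%s %s\n' "$(basename "$d")" "$(cat "$d/operstate")"
    done
}

# Sign $1 with the key ring at $2, but only when the host is offline.
sign_offline() {
    changes=$1
    keydir=$2
    states=$(link_states)
    if ! all_links_down "$states"; then
        printf 'refusing to sign %s: a network link is not down\n%s\n' \
            "$changes" "$states" >&2
        return 1
    fi
    # Accept either the gpg2 or the gpg1 secret key layout on the media.
    if [ ! -d "$keydir/private-keys-v1.d" ] && [ ! -f "$keydir/secring.gpg" ]; then
        printf 'no secret key material under %s; is the key media mounted?\n' \
            "$keydir" >&2
        return 1
    fi
    GNUPGHOME=$keydir gpg --clearsign --output "$changes.asc" "$changes"
}

# Usage: sign_offline foo_1.0-1_i386.changes /mnt/keymedia
```

The check is deliberately strict about operstate: a link in "unknown" or "dormant" is not proof of disconnection, so the script treats anything other than "down" as a reason to refuse, which is the fail-closed behaviour a signing step should have.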