Re: Official Debian digital 'branding' of debs
>>"Chris" == Chris Lawrence <firstname.lastname@example.org> writes:
Chris> I suspect that the only "secure" solution is to give every developer
Chris> boxes that run every Debian architecture, and make each developer
Chris> compile their packages on each box... these boxes to be behind a
Chris> firewall, with packages distributed by burning them on CD and mailing
Chris> them to the "home office."
Chris> For starters: How do you "verify" the build daemon is not compromised
Chris> without being at the console? If it *is* compromised, you can be
Chris> spoofed into thinking it isn't by any method of remote access.
Chris> I suspect there are much wider holes in our security than the build
Chris> daemons. To name one example: any developer's machine can be
Chris> compromised, his key stolen (and $20 says at least one developer has
Chris> no passphrase on his secret PGP key), and then the entire archive can
Chris> be corrupted by uploading bogus packages to master (all automatic).
Chris> If we're lucky, someone might catch the problem from the Installed
Chris> messages before it propogated to all of the mirrors...
My machines are behind a firewall. No remote inbound access is
allowed. telnetd/rsh are disallowed, and ssh will not allow fall back
to less secure methods.
My key is never on a networked machine. To sign package, I
phisically disconnect the network, cold boot from known media (no
processes that I don't know about), mount my key, sign, unmount my
key, and revert to a connected state.
My pass phrase is over 70 characters in an non english language.
I take my security seriously.
Unix is like a toll road on which you have to stop every 50 feet to
pay another nickel. But hey! You only feel 5 cents poorer each
time. --Larry Wall in <1992Aug13.email@example.com>
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E