[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Official Debian digital 'branding' of debs

Manoj Srivastava wrote:
>         A build demaon is automatically insecure. (think about it --
>  if putting a key on the machine is insecure, which you recognize, how
>  is an automatic build suddenly secure?)

You seem to have missed the post a few days ago explaining how it was
handled. They autobuild, then transfer the .changes to their home machine
and sign it there. 

(Yeah, there are still some security ramifications, like what if someone
installed a gcc that generates code with backdoors, on the autobuilder..)

see shy jo

Reply to: