Re: Official Debian digital 'branding' of debs

To: Manoj Srivastava <srivasta@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Official Debian digital 'branding' of debs
From: Joey Hess <joey@kitenet.net>
Date: Tue, 6 Jul 1999 11:12:54 -0700
Message-id: <[🔎] 19990706111254.N15753@kitenet.net>
Mail-followup-to: Manoj Srivastava <srivasta@debian.org>, debian-devel@lists.debian.org
In-reply-to: <87iu86yand.fsf@glaurung.green-gryphon.com>; from Manoj Srivastava on Tue, Jun 29, 1999 at 04:11:50PM -0500
References: <87909ec10m.fsf@hasler.dhh> <99062018404700.00631@earth> <87r9n6aimc.fsf@hasler.dhh> <87674homq2.fsf@rut.informatik.uni-tuebingen.de> <87aettagmg.fsf@hasler.dhh> <87pv2l698m.fsf@rut.informatik.uni-tuebingen.de> <87iu86yand.fsf@glaurung.green-gryphon.com>

Manoj Srivastava wrote:
>         A build demaon is automatically insecure. (think about it --
>  if putting a key on the machine is insecure, which you recognize, how
>  is an automatic build suddenly secure?)

You seem to have missed the post a few days ago explaining how it was
handled. They autobuild, then transfer the .changes to their home machine
and sign it there. 

(Yeah, there are still some security ramifications, like what if someone
installed a gcc that generates code with backdoors, on the autobuilder..)

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: Official Debian digital 'branding' of debs
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: Postfix as default MTA? (Benchamrks available in Japanese :-)
Next by Date: RE: Hardware vendors who pre-install Debian
Previous by thread: intent to package libapache-mod-ruby
Next by thread: Re: Official Debian digital 'branding' of debs
Index(es):
- Date
- Thread