Re: Official Debian digital 'branding' of debs
Hi,
>>"Joey" == Joey Hess <joey@kitenet.net> writes:
Joey> Manoj Srivastava wrote:
>> A build demaon is automatically insecure. (think about it --
>> if putting a key on the machine is insecure, which you recognize, how
>> is an automatic build suddenly secure?)
Joey> You seem to have missed the post a few days ago explaining how it was
Joey> handled. They autobuild, then transfer the .changes to their home machine
Joey> and sign it there.
No, you missed my post where I critiqued the method if signing
a post sent out by the aytobuild daemon, which may gain be handled
automatically. How do you know th build system was not compro,ised?
How do you know the mail was not intecepted? how do you know that the
debs were not substituted on the build machine? how do you know the
unpacked sources were not tampered with during the build? If the
build system is too iunsecure to put your keyring there, it is too
insecure to trust an automated process.
Joey> (Yeah, there are still some security ramifications, like what
Joey> if someone installed a gcc that generates code with backdoors,
Joey> on the autobuilder..)
There may not be as trivial as you are making them out to be.
manoj
--
FORTUNE PROVIDES QUESTIONS FOR THE GREAT ANSWERS: #19 A: To be or not
to be. Q: What is the square root of 4b^2?
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: