
Re: Packages and signatures



>>"Michael" == Michael Neuffer <neuffer@mail.uni-mainz.de> writes:

 Michael> How are the autobuilders doing it at the moment ?
 Michael> IIRC the resulting binary packages are not being signed by the 
 Michael> maintainers anymore, or by somebody maintaining one of the 
 Michael> autobuilders.

 Michael> The sheer volume of packages being built for the growing number 
 Michael> of architectures makes it hmmmmm... at least impractical as long 
 Michael> as we do not have a full time package signer paid by somebody. 

 Michael> I would consider the autobuilders as a kind of trusted entity
 Michael> that is able to sign the resulting packages itself. 

	I would then expect a serious hardening of the machine the
 build daemons sit on, with seriously restricted access, and as much
 as possible of the auto build process to be trip wire checksummed. 

	I am not sure how much trust one can put into an automated
 process, though, that signs things; unless one can have trust in the
 checks that the process makes, and establish an end-to-end trusted
 chain of events. At a minimum:
 a) the debian key-ring is validated and checksummed (checksum on
    non-writable media)
 b) The signatures of the original developer on the source package are
    verified
 c) The machine was installed from trusted packages, and has not been
    compromised (a tripwire check on the machine should be normal
    process) 

	I generally keep /boot and /usr mounted read only. Indeed, for
 specialized build machines, that can be done too.

	manoj
-- 
 Nonsense.  Space is blue and birds fly through it. Heisenberg
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
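The three minimum checks listed in the reply above (pinned keyring checksum, signature verification of the source package against that keyring only, tripwire-style comparison of the build host against a baseline) as an added worked example. This is illustrative code written for this page, not Debian's buildd or tripwire source. The directory layout, file contents and the rogue modifications in demo() are constructed; gpgv is assumed to be installed on a real build host but is not exercised by demo(), which only runs the checksum and baseline logic.

```python
"""Pre-build integrity checks for an autobuilder (added example).

(a) keyring must match a digest that lives on non-writable media,
(b) the .dsc signature is checked with gpgv against that keyring only,
(c) a tripwire-style baseline of the build host is compared before signing.
"""
import hashlib
import hmac
import os
import shutil
import stat
import subprocess
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_keyring(keyring_path, pinned_digest):
    """(a) Compare the live keyring against the digest pinned on read-only media."""
    return hmac.compare_digest(sha256_file(keyring_path), pinned_digest)


def verify_source_signature(dsc_path, keyring_path):
    """(b) gpgv trusts only the keyring given on the command line, never ~/.gnupg.
    Assumes gpgv is installed; not run by demo()."""
    r = subprocess.run(["gpgv", "--keyring", os.path.abspath(keyring_path), dsc_path],
                       capture_output=True)
    return r.returncode == 0


def snapshot(root):
    """(c) Tripwire-style baseline: relative path -> (mode, size, sha256)."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks/devices are out of scope for this example
            rel = os.path.relpath(p, root)
            db[rel] = (stat.S_IMODE(st.st_mode), st.st_size, sha256_file(p))
    return db


def compare(baseline, current):
    """Report files whose mode/size/hash changed, that vanished, or that appeared."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def _write(root, rel, data):
    p = os.path.join(root, rel)
    os.makedirs(os.path.dirname(p), exist_ok=True)
    with open(p, "wb") as f:
        f.write(data)


def demo():
    """Constructed build-host tree: take a baseline, tamper, re-check."""
    root = tempfile.mkdtemp()
    try:
        keyring = "etc/dpkg/debian-keyring.gpg"
        _write(root, "usr/bin/dpkg-buildpackage", b"#!/bin/sh\nexec real-build \"$@\"\n")
        _write(root, keyring, b"constructed keyring bytes, not a real keyring\n")
        pinned = sha256_file(os.path.join(root, keyring))  # stands in for the read-only copy
        baseline = snapshot(root)
        ok_at_baseline = verify_keyring(os.path.join(root, keyring), pinned)

        # Constructed compromise: build tool replaced, rogue key appended, extra library dropped.
        _write(root, "usr/bin/dpkg-buildpackage", b"#!/bin/sh\nexec evil-build \"$@\"\n")
        with open(os.path.join(root, keyring), "ab") as f:
            f.write(b"rogue key material\n")
        _write(root, "usr/lib/backdoor.so", b"\x7fELF constructed payload")

        report = compare(baseline, snapshot(root))
        report["keyring_ok_at_baseline"] = ok_at_baseline
        report["keyring_ok_now"] = verify_keyring(os.path.join(root, keyring), pinned)
        return report
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The order matters: the keyring check must pass before gpgv is trusted to say anything about the .dsc, and the tripwire comparison must be clean before the daemon's signing key is used; a report with any "modified" or "added" entry under /usr should abort the build, not just log.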


