Re: Packages and signatures
>>"Michael" == Michael Neuffer <firstname.lastname@example.org> writes:
Michael> How are the autobuilders doing it at the moment?
Michael> IIRC the resulting binary packages are not being signed by the
Michael> maintainers anymore, or by somebody maintaining one of the
Michael> The sheer volume of packages being built for the growing number
Michael> of architectures makes it hmmmmm... at least impractical as long
Michael> as we do not have a full time package signer paid by somebody.
Michael> I would consider the autobuilders as a kind of trusted entity
Michael> that is able to sign the resulting packages itself.
I would then expect a serious hardening of the machine the
build daemons sit on, with seriously restricted access, and as much
as possible of the auto build process to be trip wire checksummed.
I am not sure how much trust one can put into an automated
process, though, that signs things; unless one can have trust in the
checks that the process makes, and establish an end-to-end trusted
chain of events. At a minimum:
a) the Debian key-ring is validated and checksummed (checksum on
b) The signatures of the original developer on the source package are
c) The machine was installed from trusted packages, and has not been
compromised (a tripwire check on the machine should be normal
I generally keep /boot and /usr mounted read only. Indeed, for
specialized build machines, that can be done too.
Nonsense. Space is blue and birds fly through it. Heisenberg
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
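
Added example, not part of the original message and not Debian's build daemon code: a pre-signing gate that runs the three minimum checks listed above in one place. The function names, the pinned key-ring digest and the baseline manifest are hypothetical; it assumes item b) means verifying the uploader's signature, and that `gpgv` is installed on the build host.

```python
import hashlib
import subprocess
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def gpgv_verify(keyring, dsc):
    """Check the signature on the .dsc against only the given key-ring.
    Pass an absolute key-ring path so gpgv does not look in its home dir."""
    r = subprocess.run(["gpgv", "--keyring", str(keyring), str(dsc)],
                       capture_output=True)
    return r.returncode == 0


def drifted(manifest):
    """Tripwire-style check: paths whose digest differs from the baseline."""
    bad = []
    for path, expected in sorted(manifest.items()):
        p = Path(path)
        if not p.is_file() or sha256_file(p) != expected:
            bad.append(path)
    return bad


def may_sign(keyring, keyring_sha256, dsc, manifest, verify=gpgv_verify):
    """Return (ok, reason); the first failed check stops the gate."""
    # (a) the key-ring must match a digest recorded out of band (assumption)
    if not Path(keyring).is_file() or sha256_file(keyring) != keyring_sha256:
        return False, "keyring checksum mismatch"
    # (c) build tooling must match its baseline before it is trusted to verify
    bad = drifted(manifest)
    if bad:
        return False, "baseline drift: " + ", ".join(bad)
    # (b) only then check the uploader's signature on the source package
    if not verify(keyring, dsc):
        return False, "source signature not valid under keyring"
    return True, "ok"
```

The gate only decides whether signing may proceed; the baseline manifest and pinned digest have to live on read-only or off-host storage for the result to mean anything.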