Re: Packages and signatures
>>"Michael" == Michael Neuffer <neuffer@mail.uni-mainz.de> writes:
Michael> How are the autobuilders doing it at the moment ?
Michael> IIRC the resulting binary packages are not being signed by the
Michael> maintainers anymore, or by somebody maintaining one of the
Michael> autobuilders.
Michael> The sheer volume of packages being built for the growing number
Michael> of architectures makes it hmmmmm... at least impractical as long
Michael> as we do not have a full time package signer paid by somebody.
Michael> I would consider the autobuilders as a kind of trusted entity
Michael> that is able to sign the resulting packages itself.
I would then expect a serious hardening of the machine the
build daemons sit on, with seriously restricted access, and as much
as possible of the auto build process to be tripwire checksummed.
I am not sure how much trust one can put into an automated
process, though, that signs things; unless one can have trust in the
checks that the process makes, and establish an end-to-end trusted
chain of events. At a minimum:
a) the debian key-ring is validated and checksummed (checksum on
non-writable media)
b) The signatures of the original developer on the source package are
verified
c) The machine was installed from trusted packages, and has not been
compromised (a tripwire check on the machine should be normal
process)
I generally keep /boot and /usr mounted read only. Indeed, for
specialized build machines, that can be done too.
manoj
--
Nonsense. Space is blue and birds fly through it. Heisenberg
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
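Checks (a) and (c) in Manoj's list come down to one mechanism: a baseline manifest of file digests taken on a known-good install, kept on non-writable media, and compared against the live host before anything built there is signed. The following is an added example, not code from this thread; the file names and the temporary "build host" directory are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 (trees such as /usr can be large)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Baseline: relative path -> digest for every regular file under root.
    Taken once when the host is known good; store it on read-only media."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline. Any non-empty set means the
    host (or the keyring) changed and the signing step must be refused."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in baseline
                           if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario (assumed layout, not a real Debian host):
    a keyring and one build tool, then three kinds of tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "debian-keyring.gpg").write_bytes(b"constructed keyring")
        (root / "usr").mkdir()
        (root / "usr" / "dpkg-buildpackage").write_bytes(b"#!/bin/sh\n")
        baseline = build_manifest(root)  # snapshot while the host is trusted
        # Later: a tool is altered, the keyring disappears, a file appears.
        (root / "usr" / "dpkg-buildpackage").write_bytes(b"#!/bin/sh\n# altered\n")
        (root / "etc" / "debian-keyring.gpg").unlink()
        (root / "usr" / "unexpected.so").write_bytes(b"constructed")
        return verify_manifest(root, baseline)
```

Check (b), verifying the developer's signature on the source package, is a separate step with the package tools and the validated keyring, and belongs between the manifest check and the build.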