[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Source only uploads?

On Mon, Oct 20, 2003 at 11:03:03AM +0200, Sven Luther wrote:
> A Malicious maintainer has installed a version of libc or whatever on
> his system that opens the way to a security hole.

Because, of course, a malicious buildd admin or member of the Debian
Security Team is a flat impossibility, as is compromise of a buildd box.

Why, breach of a Debian Project machine is so impossible, it hasn't even

And we've never had a package uploaded with an *upstream* Trojan in it
either, which escaped the attention of the package maintainer and which
was gleefully compiled by the buildds, and dutifully signed by the
buildd admins!  *COUGH*micq*COUGH*

/me clears throat.  Much better.

Yes, surely your proposed scenario will save us from these evils.

G. Branden Robinson                |    Of two competing theories or
Debian GNU/Linux                   |    explanations, all other things
branden@debian.org                 |    being equal, the simpler one is to
http://people.debian.org/~branden/ |    be preferred.      -- Occam's Razor

Attachment: signature.asc
Description: Digital signature

Reply to: