Re: Source only uploads?



On Mon, Oct 20, 2003 at 11:03:03AM +0200, Sven Luther wrote:
> A malicious maintainer has installed a version of libc or whatever on
> his system that opens the way to a security hole.

Because, of course, a malicious buildd admin or member of the Debian
Security Team is a flat impossibility, as is compromise of a buildd box.

Why, breach of a Debian Project machine is so impossible, it hasn't even
happened in the past *COUGHCOUGHCOUGHCOUGHCOUGH -- GAG CHOKE WHEEZE --
COUGHCOUGHCOUGHmaybeyoushouldreaddebian-privateCOUGHCOUGHCOUGH*.

And we've never had a package uploaded with an *upstream* Trojan in it
either, which escaped the attention of the package maintainer and which
was gleefully compiled by the buildds, and dutifully signed by the
buildd admins!  *COUGH*micq*COUGH*

/me clears throat.  Much better.

Yes, surely your proposed scenario will save us from these evils.

-- 
G. Branden Robinson                |    Of two competing theories or
Debian GNU/Linux                   |    explanations, all other things
branden@debian.org                 |    being equal, the simpler one is to
http://people.debian.org/~branden/ |    be preferred.      -- Occam's Razor

Attachment: signature.asc
Description: Digital signature