[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Source only uploads?

David B Harris dijo [Tue, Oct 21, 2003 at 06:30:56PM -0400]:
> > Another argument: trojaned binaries can more easyly happen on hundrets of
> > machines with differen secuirty policies. Not that I think auto builders are
> > safe from that, but the environemnt is more easyly controleable.
> Yeah, instead of having to break into hundreds of maintainers' boxes to
> make sure that the binaries are torjaned, he only has to break into one.
> Familiar with the term "single point of failure"? :)

Yes, that's a point. But that would be a machine run by a responsable
administrator - I use a publicly accesible machine as my development
station, and you can be sure it is be easier to break into than any
official debian.org machine. Even more, I run many potentially
abusable services. And I think many people have setups similar to (or
possibly much worse than) mine.

Here goes a bit of a wild idea, which could not be implemented today,
but we might want to push towards it: Think of the BSDs' Union
Filesystem - no such thing exists today in Linux, but anyway... If you
union-mount a filesystem on a directory of an existing filesystem, the
existing filesystem becomes read-only from that point on. The original
filesystem might in fact be mounted read-only. Every change will only
be made to the newly mounted filesystem - it will include all the
differences to the original FS.

Imagine we built an image of a minimal system, with all the
build-essential packages installed. This image is rebuilt each time a
package in it is modified. This image is signed in order to verify it
has not been tampered with. We union-mount over it a blank filesystem,
over which we install the build-dependencies of each package we want
to build. 

There you go, you have a freshly installed basic and
as-perfect-as-it-can-be filesystem, ready to roll your build.

Yes, this would consume many more resources than what we want right
now, but... It can be a worthy system to further investigate and play
with for the future... Or am I smoking too much crack? ;-)


Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Attachment: signature.asc
Description: Digital signature

Reply to: