
Re: Source only uploads?



David B Harris said [Tue, Oct 21, 2003 at 06:30:56PM -0400]:
> > Another argument: trojaned binaries can more easily happen on hundreds of
> > machines with different security policies. Not that I think auto builders are
> > safe from that, but the environment is more easily controllable.
> 
> Yeah, instead of having to break into hundreds of maintainers' boxes to
> make sure that the binaries are trojaned, he only has to break into one.
> 
> Familiar with the term "single point of failure"? :)

Yes, that's a point. But that would be a machine run by a responsible
administrator - I use a publicly accessible machine as my development
station, and you can be sure it is easier to break into than any
official debian.org machine. Even more, I run many potentially
abusable services. And I think many people have setups similar to (or
possibly much worse than) mine.

Here goes a bit of a wild idea, which could not be implemented today,
but we might want to push towards it: Think of the BSDs' Union
Filesystem - no such thing exists today in Linux, but anyway... If you
union-mount a filesystem on a directory of an existing filesystem, the
existing filesystem becomes read-only from that point on. The original
filesystem might in fact be mounted read-only. Every change will only
be made to the newly mounted filesystem - it will include all the
differences to the original FS.

Imagine we built an image of a minimal system, with all the
build-essential packages installed. This image is rebuilt each time a
package in it is modified. This image is signed in order to verify it
has not been tampered with. We union-mount over it a blank filesystem,
over which we install the build-dependencies of each package we want
to build. 

There you go, you have a freshly installed basic and
as-perfect-as-it-can-be filesystem, ready to roll your build.

Yes, this would consume many more resources than what we want right
now, but... It can be a worthy system to further investigate and play
with for the future... Or am I smoking too much crack? ;-)

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Attachment: signature.asc
Description: Digital signature
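The union-mount build root sketched in the message above, as an added shell example (this is not Gunnar Wolf's code and not anything Debian runs; it is written here to illustrate the idea). Linux has since gained overlayfs, which gives the read-only-lower / writable-upper semantics the mail describes, so it stands in for the BSD union filesystem. The paths, the keyring, the manifest layout (plain `sha256sum` output with a detached OpenPGP signature), the `unionbuild.sh` name and the use of `apt-get build-dep` on a `.dsc` path are all assumptions for the example; mounting and chroot need root.

```shell
#!/bin/sh
# Added example (not from the original mail, not Debian infrastructure): a
# throwaway build root assembled the way the message sketches it, with Linux
# overlayfs standing in for the BSD union filesystem.  Paths, the keyring and
# the manifest layout are hypothetical; mounting and chroot need root.
set -eu

IMAGE=${IMAGE:-/srv/buildd/base.img}        # signed minimal image: build-essential only
MANIFEST=${MANIFEST:-$IMAGE.sha256}         # "sha256sum base.img" output, signed detached
KEYRING=${KEYRING:-/srv/buildd/buildd-keyring.gpg}
WORK=${WORK:-/srv/buildd/work}

# 1. Is the digest manifest really ours?  gpgv trusts only the given keyring,
#    not the user's default one.
verify_manifest_signature() {
    manifest=$1 sig=$2 keyring=$3
    gpgv --keyring "$keyring" "$sig" "$manifest"
}

# 2. Does the image on disk still match the signed digest?  Returns non-zero
#    on any mismatch (or an empty manifest), so a tampered or half-written
#    image is never mounted.
verify_base_digest() {
    image=$1 manifest=$2
    expected=$(awk '{ print $1; exit }' "$manifest")
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# 3. Union mount: the verified image is the read-only lower layer, an empty
#    tmpfs is the upper layer.  Every write the build makes (installed
#    build-deps, objects, temp files) lands in the tmpfs and dies with it;
#    the base image itself cannot be modified through the merged view.
mount_build_env() {
    image=$1 work=$2
    mkdir -p "$work/lower" "$work/rw" "$work/merged"
    mount -o loop,ro "$image" "$work/lower"
    mount -t tmpfs -o size=4g tmpfs "$work/rw"
    mkdir "$work/rw/upper" "$work/rw/work"    # overlayfs wants both on one fs
    mount -t overlay overlay \
        -o "lowerdir=$work/lower,upperdir=$work/rw/upper,workdir=$work/rw/work" \
        "$work/merged"
    mount -t proc proc "$work/merged/proc"
}

teardown_build_env() {
    work=$1
    umount -R "$work/merged" || true
    umount "$work/rw" || true
    umount "$work/lower" || true
}

# 4. Install the package's build-deps into the upper layer and build there.
#    Assumes an apt new enough to resolve build-deps from a .dsc path.
build_in_env() {
    merged=$1 dsc=$2 out=$3
    srcdir=$(dirname "$dsc") name=$(basename "$dsc")
    mkdir -p "$merged/build" "$out"
    cp "$srcdir"/*.dsc "$srcdir"/*.tar.* "$merged/build/"
    chroot "$merged" sh -c "
        cd /build &&
        apt-get update &&
        apt-get -y build-dep ./$name &&
        dpkg-source -x $name src &&
        cd src && dpkg-buildpackage -us -uc -b
    "
    # Copy the results out before the upper layer is discarded.
    cp "$merged"/build/*.deb "$merged"/build/*.changes "$out/"
}

case "${1:-}" in
    build)
        # usage: sudo ./unionbuild.sh build /path/to/pkg_1.0-1.dsc /path/to/out
        verify_manifest_signature "$MANIFEST" "$MANIFEST.asc" "$KEYRING"
        verify_base_digest "$IMAGE" "$MANIFEST"
        mount_build_env "$IMAGE" "$WORK"
        trap 'teardown_build_env "$WORK"' EXIT
        build_in_env "$WORK/merged" "$2" "$3"
        ;;
esac
```

The two verification steps are what make the "signed image" part of the idea real: the signature binds the manifest to a buildd key, and the digest binds the mounted bytes to that manifest, so a base image swapped on disk fails before anything is mounted. What the overlay does not give is isolation from the host kernel or network; it keeps the base clean between builds, which is the property the mail is after, nothing more.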

