[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MIPS port backlog, autobuilder machines and some arrogance

On Mon, Nov 17, 2003 at 03:56:44PM +0100, Goswin von Brederlow wrote:

> DDs have to sign and upload a package with a backdoor.
> On the buildd I can install a gcc or other tool that will silently add
> a backdoor to anything getting compiled and the buildd admin will sign
> and upload the package for me.
> Much more anonymous.

The whole point of signing packages is that it is not anonymous at all, but
traceable back to the signer.  Assuming the keyholder protects his key
adequately, there is reasonable assurance that the keyholder and the signer
are the same person.

 - mdz

Reply to: