
Re: MIPS port backlog, autobuilder machines and some arrogance



On Mon, Nov 17, 2003 at 03:56:44PM +0100, Goswin von Brederlow wrote:

> DDs have to sign and upload a package with a backdoor.
> 
> On the buildd I can install a gcc or other tool that will silently add
> a backdoor to anything getting compiled and the buildd admin will sign
> and upload the package for me.
> 
> Much more anonymous.

The whole point of signing packages is that it is not anonymous at all, but
traceable back to the signer.  Assuming the keyholder protects his key
adequately, there is reasonable assurance that the keyholder and the signer
are the same person.

-- 
 - mdz


