Re: Revival of the signed debs discussion
Henning Makholm <email@example.com> writes:
> Scripsit Goswin von Brederlow <firstname.lastname@example.org>
> > There is no security as strong as many people reading the source over
> > and over. You can't hack their brains to skip over the backdoor code
> > and you can only obfuscate a backdoor so much.
> I refer you to Ken Thompson's Turing award lecture. If someone who
> really means business manages to compromise binary toolchain debs, all
> the hackers in the world reading source over and over will not find
> the backdoor.
> (And "toolchain" here includes all code that is even marginally
> involved in the process leading to itself being recompiled. Libc,
> kernel images, lilo, dpkg, debhelper, perl, etc etc).
But their source is already secured by the same means.
One can maintain and update a debian system from source alone so one
only has to trust the peer reviewing of sources. Compromised binary
deb archives can be avoided.