[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian needs more buildds. It has offers. They aren't beingaccepted.

On Thu, Feb 19, 2004 at 08:31:17AM +0100, Ingo Juergensmann wrote:
> Wouter Verhelst said:
> > There's nothing funny about that. Before the compromise -when
> It's funny as in sarcastic fun.
> > ftp-master.d.o was still not restricted- there was no point in trying to
> > close down SSH access, as there were a thousand developers that had
> > shell access to that machine. Closing down a simple one-command SSH
> > access, and/or HTTP access, from buildd machines in such a situation is
> > pointless; it's far easier for an attacker to compromise a Debian
> > Developer's machine than to try to break into an autobuilder machine,
> > which is generally watched upon much closer than a random developer's
> > machine.
> > In the mean time, however, that situation has changed. It is now no
> Well, one could argue that basically nothing has changed. The threatening was
> always there and always be there. And from time to time there's is and will be
> a compromise. Nothing changed.

Well, yes, there's a difference. As I pointed out previously, it makes
not much sense trying to implement strict access controls from a small
number of systems if OTOH, there's a much larger group of people for
which the controls aren't relevant. If, however, without the large group
of people, the to-be-closed-down group is sufficiently small (check),
well-known (check), and the result if a break-in is potentially
extremely harmful (check; ftp-master is, uh, ftp-master), then it
suddenly makes a *lot* more sense to implement such access controls.

> You can't totally secure an open project with thousands of developers.

No, but you can secure a mirror archive network by restricting access to
its main server, which is what James is doing. That's reasonable;
hundreds of thousands of users depend on the integrity of our archive
network every day; we can't risk, not even remotely, for the archive to
be compromised.

Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
  -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.

Attachment: signature.asc
Description: Digital signature

Reply to: