
Re: Unofficial buildd network has been shut down



Henrique de Moraes Holschuh wrote:
[snip]
> > are not allowed to think for themselves and decide whom and what systems
> > to trust. That was the message conveyed in the thread and on irc. It's
> > not the place of a DD to decide for all of Debian whom to trust.
> 
> Obviously.  And from a security standpoint, that is the only sane position.
> Trust is not, and cannot be transitory.

Following that rationale, you now have to remove gcc and everything
compiled with it from Debian, since no DD did a full code audit.

Free Software works only in a web of trust.

> This is basic, and it is
> acknowledged even on the most informal security model in existence: "a
> secret stops being a secret if you tell it to anyone else/keep secrets to
> yourself".

Non sequitur. Trust doesn't imply secrecy.

> We should act as a whole on security matters.  If we decide that "third
> party run" autobuilders are okay (for some definition of third party), then
> they are okay for *everyone*.  Otherwise, they must "not be okay" for
> anyone, or any security implications are being thrown out the window.

Only if you engage in black-and-white thinking, where any DD is
automatically and absolutely trusted, while non-DDs deserve no
trust at all.


Thiemo


