[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unofficial buildd network has been shut down



On Wed, Sep 01, 2004 at 05:24:31PM +0200, Thiemo Seufer wrote:
> Henrique de Moraes Holschuh wrote:
> [snip]
> > > are not allowed to think for themself and decide whom and what systems
> > > to trust. That was the message conveyed in the thread and on irc. Its
> > > not the place of a DD to decide for all of Debian whom to trust.
> > 
> > Obviously.  And from a security standpoint, that is the only sane position.
> > Trust is not, and cannot be transitory.
> 
> Following that rationale, you have now to remove gcc and everything
> compiled with it from debian, since no DD did a full code audit.

Don't be absurd. We build gcc from published sources that the whole
world can look at, and which a large number of people *do* look at on
a regular basis. It is not plausible for an exploit to be concealed in
there; too many people would have to know about it.

Free software is founded upon the principle of many eyes, not a web of
trust.

This is distinct from the case of a binary, which few people can
comprehend and even fewer actually do examine on anything resembling a
regular basis.

> > We should act as a whole on security matters.  If we decide that "third
> > party run" autobuilders are okay (for some definition of third party), then
> > they are okay for *everyone*.  Otherwise, they must "not be okay" for
> > anyone, or any security implications are being thrown out the window.
> 
> Only if you engage in black-and-white thinking, where any DD is
> automatically and absolutely trusted, while non-DDs deserve no
> trust at all.

No, you made that up yourself. The real model is that nobody is
trusted until explicitly determined otherwise. Becoming a developer is
one such way. There exist others. The critical point here is that it
is *not your decision* about who to trust on behalf of the entire
project.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature


Reply to: