On Wed, Sep 01, 2004 at 05:24:31PM +0200, Thiemo Seufer wrote:
> Henrique de Moraes Holschuh wrote:
> [snip]
> > > are not allowed to think for themselves and decide whom and what systems
> > > to trust. That was the message conveyed in the thread and on irc. It's
> > > not the place of a DD to decide for all of Debian whom to trust.
> >
> > Obviously. And from a security standpoint, that is the only sane position.
> > Trust is not, and cannot be transitory.
>
> Following that rationale, you have now to remove gcc and everything
> compiled with it from Debian, since no DD did a full code audit.

Don't be absurd. We build gcc from published sources that the whole
world can look at, and which a large number of people *do* look at on
a regular basis. It is not plausible for an exploit to be concealed in
there; too many people would have to know about it. Free software is
founded upon the principle of many eyes, not a web of trust.

This is distinct from the case of a binary, which few people can
comprehend and even fewer actually do examine on anything resembling a
regular basis.

> > We should act as a whole on security matters. If we decide that "third
> > party run" autobuilders are okay (for some definition of third party), then
> > they are okay for *everyone*. Otherwise, they must "not be okay" for
> > anyone, or any security implications are being thrown out the window.
>
> Only if you engage in black-and-white thinking, where any DD is
> automatically and absolutely trusted, while non-DDs deserve no
> trust at all.

No, you made that up yourself. The real model is that nobody is
trusted until explicitly determined otherwise. Becoming a developer is
one such way. There exist others.

The critical point here is that it is *not your decision* about who to
trust on behalf of the entire project.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |