
Re: Unofficial buildd network has been shut down



On Wed, 01 Sep 2004, Thiemo Seufer wrote:
> Following that rationale, you have now to remove gcc and everything
> compiled with it from debian, since no DD did a full code audit.

You mean "taking that rationale to the extreme".  Which I won't, because it
is not practical, and therefore irrelevant for non-academic purposes.

> Free Software works only in a web of trust.

Yes.  We are talking about what we accept as a web of trust here.  It was
pointed out (and not by me) that what was being done with the buildds was
outside it.

I never even stated my position on whether the third-party buildds should be
"acceptable" (i.e. trusted) or not.  I will also *not* state it, since it
doesn't make any difference.

> > This is basic, and it is
> > acknowledged even on the most informal security model in existence: "a
> > secret stops being a secret if you tell it to anyone else/keep secrets to
> > yourself".
> 
> Non sequitur. Trust doesn't imply secrecy.

I never implied it did.  I gave you the simplest real-life, most informal
example of "common wisdom" where we have a trust-is-not-proxiable instance
that I know of.

> > We should act as a whole on security matters.  If we decide that "third
> > party run" autobuilders are okay (for some definition of third party), then
> > they are okay for *everyone*.  Otherwise, they must "not be okay" for
> > anyone, or any security implications are being thrown out the window.
> 
> Only if you engage in black-and-white thinking, where any DD is
> automatically and absolutely trusted, while non-DDs deserve no
> trust at all.

Apparently, I need to spell it out in very simple terms.

*MY* position is that:

  1. we should decide between two possibilities
     1.1. we trust someone to do something
     1.2. we don't trust someone to do something

  2. we *all* have to abide by either 1.1 or 1.2, and
     never to both at the same time. Otherwise
     the decision was meaningless in the first place.

  3. security requires that (1) and (2) above always
     be followed.

  4. for people who don't recall logic properly: the
     inverse of (3) does not apply.  Both (1) and
     (2) together do *NOT* imply any security whatsoever.

and that is it.

DD-ness is NOT a part of it.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


